Fortinet Security Vulnerabilities History Timeline

Fortinet security vulnerabilities history timeline

Fortinet has recorded a significant history of security vulnerabilities across its flagship FortiOS platform and related products such as FortiWeb, FortiSIEM, and FortiProxy, with at least 18 major flaws disclosed or patched between 2023 and 2026, including multiple actively exploited critical-severity issues. From SSL VPN exposures in 2023 to 2024 to SAML-based authentication bypasses and command-injection flaws in 2025-2026, Fortinet's vulnerability timeline reflects both rapid remediation cycles and recurring concerns about patch deployment and disclosure transparency.

Major vulnerabilities from 2023-2024

Between 2023 and 2024, Fortinet faced two headline-level incidents that exposed hundreds of thousands of FortiGate firewalls and related appliances to remote code execution style attacks. One of the most serious was CVE-2024-23113, a critical FortiOS vulnerability carrying a CVSS score of 9.8 that allowed unauthenticated attackers to execute arbitrary code on vulnerable devices, affecting multiple versions of FortiPAM, FortiProxy, and FortiWeb. Initial analysis suggested up to 86,000 public Fortinet instances remained exposed several months after the patch, underscoring the challenge of enterprise-scale appliance patching.

flags political

1. 2023, January-March: First public reports of a chain of SSL VPN vulnerabilities in FortiGate devices, with threat actors exploiting authentication-bypass flaws to gain unauthorized access.
2. 2023, mid-year: Security researchers observed widespread exploitation of an unpatched FortiOS vulnerability, leading to mass scans targeting internet-facing firewalls.
3. 2024, early-mid year: CVE-2024-23113 emerges, affecting multiple Fortinet product lines and prompting alerts from federal agencies and threat-intelligence firms.
4. 2024, October: Independent scanning data showed more than 86,000 Fortinet devices still vulnerable to the CVE-2024-23113 exploit, despite a nine-month patch window.

These episodes contributed to a perception that Fortinet's product security posture was strong in research and detection but fragile in patch-adoption patterns across large, heterogeneous networks.

2025: Command-injection and silent patching controversies

In 2025, Fortinet issued multiple advisories for high- and critical-severity FortiOS and FortiSIEM bugs, including several command-injection and privilege-escalation flaws. One notable issue was CVE-2025-64155 in FortiSIEM, where specially crafted TCP requests allowed unauthenticated attackers to inject arbitrary commands into the underlying operating system, earning a CVSS score of 9.4. Around the same time, Fortinet patched a heap-based buffer overflow in the cw_acd daemon on FortiSwitchManager and several FortiOS versions, rated 7.4, which could enable code execution via malicious network requests.

Another controversial episode in 2025 involved a critical FortiWeb vulnerability tracked as CVE-2025-64446, a path-traversal defect that let unauthenticated attackers execute administrative commands through crafted HTTPS requests. The patch was silently rolled out in a software update on October 28, 2025 (version 8.0.2), but Fortinet did not publish a CVE or detailed advisory until 17 days later, by which time active exploitation had already begun on a large scale. This delayed disclosure drew criticism from researchers and federal authorities, who argued it left many organizations unaware of the need to patch until after intrusions were detected.

• CVE-2025-64446: Path-traversal flaw in FortiWeb leading to full administrative takeover, CVSS 9.8.
• CVE-2025-64155: Remote command injection in FortiSIEM, CVSS 9.4.
• CVE-2025-25249: Heap-based buffer overflow in the cw_acd daemon on multiple FortiOS and FortiSwitchManager releases, CVSS 7.4.
• Multiple XSS and privilege-escalation issues across FortiNDR, FortiSandbox, and FortiADC in 2025 advisories.

Across 2025, Fortinet's own security blog highlighted that its internal FortiGuard Labs research team had discovered and responsibly disclosed 84 vulnerabilities in third-party software over a prior one-year window, positioning the vendor as a proactive security researcher even as its own products faced persistent flaws.

2026: SAML flaws and ongoing exposure

In late 2025 and early 2026, Fortinet addressed a pair of critical SAML-based authentication bypass vulnerabilities that again affected multiple product lines. The first, CVE-2025-59718, targeted FortiOS, FortiProxy, and FortiSwitchManager, exploiting improper cryptographic-signature validation in SAML messages to allow an attacker to log in without valid credentials. The second, CVE-2025-59719, mirrored the issue in FortiWeb, similarly enabling attackers to bypass single-sign-on protections and gain administrative access.

Both SAML vulnerabilities were rated 9.8 on the CVSS scale and began being actively abused in the wild around December 12, 2025, with threat actors observed downloading system configuration files that disclosed network layouts, firewall rules, and stored hashed credentials. By January 2026, Fortinet and security researchers urged customers to disable FortiCloud login for affected versions and upgrade to patched releases such as FortiOS 7.6.4+, 7.4.9+, 7.2.12+, and 7.0.18+. These incidents added to a broader pattern of Fortinet security failures involving repeated breaches of its SSL VPN architecture over a two-year span, with estimates suggesting that state-linked threat actors exfiltrated over 20,000 device configurations from UK-based organizations alone.

Putting Fortinet's vulnerability history in context

Across the period from 2023 to 2026, Fortinet has issued advisories for at least 18 major vulnerabilities affecting core products such as FortiOS, FortiProxy, FortiWeb, FortiSIEM, and FortiSandbox. Roughly one-third of these were rated "critical" (CVSS ≥ 9.0), with the remainder split between "high" and "medium" severities, reflecting both the complexity of the underlying security-appliance stack and the attractiveness of Fortinet devices as high-value targets.

The following table summarizes select Fortinet vulnerabilities from 2023-2026, along with their primary impact and approximate patch window:

This pattern illustrates that while Fortinet's FortiGuard Labs and incident-response teams move quickly to remediate issues, the sheer volume and severity of vulnerabilities have made its installed base a recurring focal point for ransomware groups, nation-state actors, and commodity bot-driven scanning.

Are there alternatives to Fortinet for similar security controls?

For organizations concerned about Fortinet security vulnerabilities, major alternatives include firewall/UTM platforms from vendors such as Palo Alto Networks, Cisco, Check Point, and Juniper, all of which maintain their own security advisory programs and patch cadences. However, every vendor experiences vulnerabilities; the key differentiator is typically not the absence of flaws but the speed of patch deployment, depth of threat-intelligence integration, and transparency of incident disclosure. As with Fortinet, organizations evaluating alternatives should weigh the product's vulnerability history, ecosystem maturity, and

What are the most common questions about Fortinet Security Vulnerabilities History Timeline?

Explore More Similar Topics

Mediterranean Cruise Deal Trends 2026

Read More →

Car Refrigerants Global Warming Potential

Read More →

Celebrity Cruises Practices Crews Wish You Knew

Read More →

Celebrity Cruises Fleet Management Systems

Read More →

Celebrity Cruises Operations Overview

Read More →

Hollywood Redheaded Actors Rising 2026

Read More →