![Top Features of Vision-Based Workplace Safety Tools [2025]](https://static.wixstatic.com/media/379e66_7e75a4bcefe14e4fbc100abdff83bed3~mv2.jpg/v1/fit/w_1000,h_884,al_c,q_80/file.png?#)
![[The AI Show Episode 152]: ChatGPT Connectors, AI-Human Relationships, New AI Job Data, OpenAI Court-Ordered to Keep ChatGPT Logs & WPP’s Large Marketing Model](https://www.marketingaiinstitute.com/hubfs/ep%20152%20cover.png)
.jpg?#)
![MindsEye From Ex-GTA Producer Is A Day-One Car Wreck [Update]](https://i.kinja-img.com/image/upload/c_fill,h_675,pg_1,q_80,w_1200/aa09b256615c422f7d1e1535d023e578.png)
.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
_incamerastock_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![PSA: iOS 26 Spatial Scenes will work on iPhones 12 and up [U]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/06/spatial-photos-ios26.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple categorically denies Siri vaporware claims, and offers a better explanation [Video]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/06/Apple-categorically-denies-Siri-vaporware-claims-and-offers-a-better-explanation.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![This new iPad keyboard was purpose-built for versatility and portability – Logitech Flip Folio [Hands-on]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/06/Logitech-FI.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![iOS 26 and its ‘Liquid Glass’ redesign is being compared to ancient Android skins [Video]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/06/ios-26-android-phones.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Shares Teaser Trailer for 'The Lost Bus' Starring Matthew McConaughey [Video]](https://www.iclarified.com/images/news/97582/97582/97582-640.jpg)
![Apple Debuts Trailer for Third Season of 'Foundation' [Video]](https://www.iclarified.com/images/news/97589/97589/97589-640.jpg)
Fortinet Security Update: Critical Patch Addressing Multiple Vulnerabilities Across Products
Fortinet has released security updates addressing multiple vulnerabilities across its product portfolio, including FortiOS, FortiAnalyzer, FortiProxy, and FortiWeb systems. The cybersecurity company’s Product Security Incident Response Team (PSIRT) published advisories covering flaws ranging from privilege escalation to command injection vulnerabilities that could potentially compromise enterprise network security. The most critical issue disclosed is CVE-2023-42788, a […] The post Fortinet Security Update: Critical Patch Addressing Multiple Vulnerabilities Across Products appeared first on Cyber Security News.
.png?#)
Fortinet has released security updates addressing multiple vulnerabilities across its product portfolio, including FortiOS, FortiAnalyzer, FortiProxy, and FortiWeb systems.
The cybersecurity company’s Product Security Incident Response Team (PSIRT) published advisories covering flaws ranging from privilege escalation to command injection vulnerabilities that could potentially compromise enterprise network security.
The most critical issue disclosed is CVE-2023-42788, a high-severity OS command injection vulnerability affecting FortiAnalyzer, FortiManager, and related products.
This flaw allows privileged users with “System Settings” access to execute arbitrary commands through specially crafted parameters in diagnostic commands, potentially granting attackers root shell access.
Multiple Vulnerabilities Patched
The vulnerability impacts FortiAnalyzer versions 7.4.0 and 7.2.0 through 7.2.3, along with FortiManager and FortiAnalyzer-BigData systems.
Fortinet addressed three SSL-VPN-related vulnerabilities in FortiOS systems. CVE-2024-50562 represents a medium-severity insufficient session expiration vulnerability that could allow attackers to maintain unauthorized access through persistent SSL-VPN cookies.
Additionally, CVE-2025-25250 exposes sensitive information to unauthorized actors through the SSL-VPN endpoint, while CVE-2025-22251 involves improper communication channel restrictions in the FortiGate Security Processor (FGSP).
These SSL-VPN vulnerabilities affect multiple FortiOS versions, including 7.6.0 and various 7.4.x releases, as well as FortiSASE cloud services.
Given Fortinet’s history with SSL-VPN exploits, including recent critical vulnerabilities like CVE-2024-21762 that were actively exploited in the wild, organizations should prioritize patching these issues .
Two medium-severity privilege escalation vulnerabilities were also patched. CVE-2025-22254 affects the GUI websocket module across FortiOS, FortiProxy, and FortiWeb products, allowing improper privilege management that could lead to unauthorized access escalation. Meanwhile, CVE-2025-22862 involves an authentication bypass vulnerability in the automation-stitch feature, affecting FortiOS and FortiProxy systems.
The security update also addresses several other vulnerabilities, including CVE-2023-29184, an incomplete cleanup issue where SSH keys remain added even if operations are aborted.
CVE-2024-50568 involves weak authentication in the security fabric daemon, while CVE-2025-24471 represents an improper certificate validation flaw that could allow EAP authentication bypass using revoked certificates.
Fortinet customers should immediately review the security advisories and apply available patches to affected systems. Given the company’s track record of vulnerabilities being exploited in the wild, including recent incidents involving CVE-2025-32756 affecting multiple Fortinet products, organizations should treat these updates as critical.
System administrators should also review logs for any suspicious activity and implement additional monitoring for the affected components while planning upgrade schedules.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
The post Fortinet Security Update: Critical Patch Addressing Multiple Vulnerabilities Across Products appeared first on Cyber Security News.
