Bleeping Computer

Fortinet discloses second firewall auth bypass patched in January

Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January.
SDxCentral

Fortinet unearths second FortiWeb firewall vulnerability in as many weeks

Fortinet has uncovered a bug in its FortiWeb firewall offering, the second issue to be reported with the product in a month. First reported by The Register, the vulnerability (CVE-2025-58034) could ...
Ars Technica

FortiGate admins report active exploitation 0-day. Vendor isn’t talking.

Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by ...
Dark Reading

Researchers Develop Exploit Code for Critical Fortinet VPN Bug

Researchers have written exploit code for a critical remote code execution (RCE) vulnerability in Fortinet's FortiGate SSL VPNs that the vendor disclosed and patched in June 2023. Bishop Fox's ...