Fortinet Product Security Update Advisory (CVE-2024-48887)
Overview
We have released security updates to fix vulnerabilities in Fortinet products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-48887
FortiSwitch version: 7.6.0
FortiSwitch version: 7.4.0 or later and 7.4.4 or earlier
FortiSwitch version: 7.2.0 or later and 7.2.8 or earlier
FortiSwitch version: 7.0.0 or later and 7.0.10 or earlier
FortiSwitch version: 6.4.0 or later and 6.4.14 or earlier
Resolved Vulnerabilities
Password change vulnerability due to missing validation (CVE-2024-48887)
Vulnerability Patches
Patches for the vulnerability are available in the latest update. Follow the instructions on the referenced site to update to the patched version.
CVE-2024-48887
FortiSwitch version: 7.6.0
FortiSwitch version: 7.4.5
FortiSwitch version: 7.2.9
FortiSwitch version: 7.0.11
FortiSwitch version: 6.4.15
References
[1] Unverified password change via set_password endpoint
https://fortiguard.fortinet.com/psirt/FG-IR-24-435