Fortinet Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in Fortinet products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-22252
FortiOS version: 7.6.0
FortiOS version: 7.4.4 or later and 7.4.6 or earlier
FortiProxy version: 7.6.0 or later and 7.6.1 or earlier
FortiSwitchManager version: 7.2.5
CVE-2025-25251
FortiClientMac version: 7.4.0 or later and 7.4.2 or earlier
FortiClientMac version: 7.2.0 or later and 7.2.8 or earlier
FortiClientMac version: 7.0 (all versions)
Resolved Vulnerabilities
Authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager (CVE-2025-22252)
Privilege escalation vulnerability via XPC messages in FortiClientMac (CVE-2025-25251)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-22252
FortiOS version: 7.6.1 and later
FortiOS version: 7.4.7 and later
FortiProxy version: 7.6.2 and later
FortiSwitchManager version: 7.2.6 and later
CVE-2025-25251
FortiClientMac version: 7.4.3 and later
FortiClientMac version: 7.2.9 and later
FortiClientMac version: Upgrade to the corrected version
References
[1] TACACS+ authentication bypass
https://fortiguard.fortinet.com/psirt/FG-IR-24-472
[2] Local privilege escalation in XPC services
https://fortiguard.fortinet.com/psirt/FG-IR-25-016