Fortinet Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in Fortinet products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-47856
FortiVoice version: 7.2.0 or later and earlier than 7.2.1
FortiVoice version: 7.0.0 or later and 7.0.6 or earlier
FortiVoice version: 6.4.0 or later and 6.4.10 or earlier
CVE-2025-49201
FortiPAM version: 1.5.0 or later and earlier than 1.5.1
FortiPAM version: 1.4.0 or later and 1.4.2 or earlier
FortiPAM version: 1.3
FortiPAM version: 1.2
FortiPAM version: 1.1
FortiPAM version: 1.0
FortiSwitchManager version: 7.2.0 or later and 7.2.4 or earlier
CVE-2025-57741
FortiClientMac version: 7.4.0 or later and 7.4.3 or earlier
FortiClientMac version: 7.2.0 or later and 7.2.11 or earlier
FortiClientMac version: 7.0
CVE-2025-58325
FortiOS version: 7.6.0 or later and earlier than 7.6.1
FortiOS version: 7.4.0 or later and 7.4.5 or earlier
FortiOS version: 7.2.0 or later and 7.2.10 or earlier
FortiOS version: 7.0.0 or later and 7.0.15 or earlier
FortiOS version: 6.4
Resolved Vulnerabilities
OS command injection vulnerability in FortiVoice (CVE-2025-47856)
Weak authentication vulnerability in FortiPAM and FortiSwitchManager WAD/GUI (CVE-2025-49201)
Local privilege escalation vulnerability in FortiClientMac (CVE-2025-57741)
CLI command restriction bypass vulnerability in FortiOS (CVE-2025-58325)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the sites listed under References to update to a patched version.
CVE-2025-47856
FortiVoice version: 7.2.1 and later
FortiVoice version: 7.0.7 and later
FortiVoice version: 6.4.11 and later
CVE-2025-49201
FortiPAM version: 1.5.1 and later
FortiPAM version: 1.4.3 and later
FortiSwitchManager version: 7.2.5 and later
CVE-2025-57741
FortiClientMac version: 7.4.4 and later
FortiClientMac version: 7.2.12 and later
CVE-2025-58325
FortiOS version: 7.6.1 and later
FortiOS version: 7.4.6 and later
FortiOS version: 7.2.11 and later
FortiOS version: 7.0.16 and later
References
[1] Command injection vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-25-250
[2] Weak authentication in WAD/GUI
https://fortiguard.fortinet.com/psirt/FG-IR-25-010
[3] Local Privilege Escalation in LaunchDaemon
https://fortiguard.fortinet.com/psirt/FG-IR-25-664
[4] Restricted CLI command bypass
https://fortiguard.fortinet.com/psirt/FG-IR-24-361