Fortinet has released updates to fix multiple vulnerabilities in its products. Vulnerabilities were identified in the FortiManager, FortiManager Cloud, FortiWeb, FortiCamera, FortiMail, FortiNDR, FortiRecorder, FortiVoice, FortiSOAR, FortiSIEM, FortiADC, FortiOS, FortiPAM, FortiProxy and FortiSwitchManager.  A malicious actor could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege, bypassing authentication and cross-site scripting on the targeted system.

Fortinet also fixed a dangerous vulnerability in FortiWeb (CVE-2025-52970), which allows a remote attacker to bypass authentication.

The issue impacts FortiWeb 7.0 to 7.6, and was fixed in the below versions:

• FortiWeb 7.6.4 and later
• FortiWeb 7.4.8 and later
• FortiWeb 7.2.11 and later
• FortiWeb 7.0.11 and later

More information on vulnerabilities and updates is available in Fortinet security advisories – fortinet.com