VDB

GCVE-110-NCSC-2025-18

GCVE-110-NCSC-2025-18
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published January 15, 2025
Fortinet heeft kwetsbaarheden verholpen in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy.

Weaknesses (CWE)

CWE-321Use of Hard-coded Cryptographic KeyCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-476NULL Pointer DereferenceCWE-23Relative Path TraversalCWE-346Origin Validation ErrorCWE-787Out-of-bounds WriteCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-266Incorrect Privilege AssignmentCWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-121Stack-based Buffer OverflowCWE-306Missing Authentication for Critical FunctionCWE-125Out-of-bounds ReadCWE-201Insertion of Sensitive Information Into Sent DataCWE-770Allocation of Resources Without Limits or ThrottlingCWE-190Integer Overflow or WraparoundCWE-672Operation on a Resource after Expiration or ReleaseCWE-1390Weak AuthenticationCWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

Affected Products

VendorProductVersionsPlatforms
fortinetfortimanager
fortinetfortianalyzer
fortinetfortiproxy
fortinetfortiswitch
fortinetfortios

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›