VDB
GCVE-110-NCSC-2025-18
GCVE-110-NCSC-2025-18
Advisory PublishedCVSS 9.8/10
Fortinet heeft kwetsbaarheden verholpen in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy.
Weaknesses (CWE)
CWE-321Use of Hard-coded Cryptographic KeyCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-476NULL Pointer DereferenceCWE-23Relative Path TraversalCWE-346Origin Validation ErrorCWE-787Out-of-bounds WriteCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-266Incorrect Privilege AssignmentCWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-121Stack-based Buffer OverflowCWE-306Missing Authentication for Critical FunctionCWE-125Out-of-bounds ReadCWE-201Insertion of Sensitive Information Into Sent DataCWE-770Allocation of Resources Without Limits or ThrottlingCWE-190Integer Overflow or WraparoundCWE-672Operation on a Resource after Expiration or ReleaseCWE-1390Weak AuthenticationCWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Risk Scores
CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| fortinet | fortimanager | — | — |
| fortinet | fortianalyzer | — | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiswitch | — | — |
| fortinet | fortios | — | — |
Aliases
CVE-2022-23439CVE-2023-37936CVE-2023-37937CVE-2023-42785CVE-2023-42791CVE-2023-46715CVE-2024-21762CVE-2024-26012CVE-2024-27778CVE-2024-32115CVE-2024-33502CVE-2024-33503CVE-2024-35273CVE-2024-35275CVE-2024-35276CVE-2024-35277CVE-2024-36504CVE-2024-36512CVE-2024-46662CVE-2024-46665CVE-2024-46666CVE-2024-46668CVE-2024-46669CVE-2024-46670CVE-2024-47571CVE-2024-48884CVE-2024-48886CVE-2024-50566CVE-2024-52963CVE-2024-54021
References
Browse GCVE Records
73,834 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.