VDB

GCVE-110-NCSC-2025-53

GCVE-110-NCSC-2025-53
Advisory PublishedCVSS 6.7/10
Vulnetix · Advisory published February 12, 2025
Fortinet heeft kwetsbaarheden verholpen in verschillende producten, waaronder FortiOS, FortiProxy, FortiPAM, FortiSwitchManager, FortiSandbox, FortiManager en FortiAnalyzer.

Weaknesses (CWE)

CWE-134Use of Externally-Controlled Format StringCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-266Incorrect Privilege AssignmentCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-288Authentication Bypass Using an Alternate Path or Channel

Risk Scores

CVSS 3.1
6.7/10
Medium · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

Affected Products

VendorProductVersionsPlatforms
fortinetfortimanager
fortinetfortios_and_fortiproxy
fortinetfortianalyzer
fortinetfortiswitchmanager
fortinetfortios

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›