🛡️ Fortinet Monthly Recap | November 2025
Monthly overview for November 2025.
📦 Firmware Updates
| Product | Version | Type | Documentation |
|---|---|---|---|
| | 1.7.2 | Feature | Release Notes / Admin Guide |
| | 1.7.2 | Feature | Release Notes / Admin Guide |
| | 7.6.6 | Patch | Release Notes / Admin Guide |
| | 7.4.12 | Patch | Release Notes / Admin Guide |
| | 7.2.2 | Feature | Release Notes / Admin Guide |
| | 7.6.1 | Patch | Release Notes / Admin Guide |
| | 1.13.1 | Patch | Release Notes / Admin Guide |
| | 7.4.9 | Patch | Release Notes / Admin Guide |
| | 7.0.13 | Patch | Release Notes / Admin Guide |
| | 7.0.18 | Patch | Release Notes / Admin Guide |
| | 7.4.10 | Patch | Release Notes / Admin Guide |
| | 5.0.5 | Patch | Release Notes / Admin Guide |
| | 7.0.15 | Patch | Release Notes / Admin Guide |
| | 7.0.15 | Patch | Release Notes / Admin Guide |
| | 7.0.18 | Patch | Release Notes / Admin Guide |
| | 1.0.0 | Major | Release Notes / Admin Guide |
| | 7.2.11 | Patch | Release Notes / Admin Guide |
| | 7.1.9 | Patch | Release Notes / Admin Guide |
| | 7.6.6 | Patch | Release Notes / Admin Guide |
| | 7.4.11 | Patch | Release Notes / Admin Guide |
⚠️ Security Advisories (CVEs)
Vulnerabilities with a CVSS score above 6.5 published in November (the threshold is the page's own; by CVSS severity bands these are High and Critical findings):
| ID | Score | Description (affected versions) |
|---|---|---|
| CVE-2025-64446 | 9.8 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. |
| CVE-2025-46373 | 7.8 | A heap-based buffer overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections. |
| CVE-2025-47761 | 7.8 | An exposed IOCTL with insufficient access control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via the fortips driver. Success of the attack would require bypassing Windows memory protections such as heap integrity and HSP. In addition, it requires a valid and running IPSec VPN connection. |
| CVE-2025-53843 | 7.5 | A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to execute unauthorized code or commands via specially crafted packets. |
| CVE-2025-58034 | 7.2 | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. |
| CVE-2025-58413 | 7.5 | A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows an attacker to execute unauthorized code or commands via specially crafted packets. |
| CVE-2025-58692 | 8.8 | An improper neutralization of special elements used in an SQL command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. |
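Two things in the table are easy to misread when triaging an estate. First, "X through Y" is an inclusive range, and "7.2 all versions" means every release on that branch, so the first clean release is the one just past the upper bound (for example FortiWeb 7.6.5 for CVE-2025-64446, but 7.6.6 for CVE-2025-58034, whose range runs through 7.6.5). Second, CVE-2025-64446 is the only entry whose wording does not require an authenticated or local attacker. The script below is an added example, not Fortinet's code and not part of the original recap: it parses the affected-version clauses exactly as worded in the advisory texts above and checks a product/version pair against them. It assumes the product token in your inventory matches the advisory's spelling (FortiOS, FortiWeb, FortiClientWindows, ...) and that a raw device string looks like the Version line of FortiOS `get system status` ("... v7.4.8,build2795,... (GA.F)"); the build numbers used for the demo are constructed. The authoritative fixed-version list is the Fortinet PSIRT advisory for each CVE, not this parser.

```python
"""Triage helper: test a Fortinet product/version against the affected-version
ranges as worded in advisory descriptions (added example, not vendor code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Advisory wording copied from the CVE table above (CVE-2025-64446, -47761, -58413).
ADVISORIES = {
    "CVE-2025-64446": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, "
                      "FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, "
                      "FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands.",
    "CVE-2025-47761": "An exposed IOCTL vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, "
                      "FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to run code.",
    "CVE-2025-58413": "A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, "
                      "FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, "
                      "FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, "
                      "FortiSASE 25.3.b allows an attacker to execute unauthorized code or commands.",
}

# Matches the three clause shapes used in the advisories:
#   "FortiWeb 8.0.0 through 8.0.1"   (inclusive range)
#   "FortiOS 7.2 all versions"       (whole branch)
#   "FortiSASE 25.3.b"               (single release, may carry a letter component)
# "Fortinet" itself never matches because it is not followed by a version number.
ENTRY_RE = re.compile(
    r"\b(Forti[A-Za-z]+)\s+(\d+(?:\.[0-9a-z]+)*)"
    r"(?:\s+through\s+(\d+(?:\.[0-9a-z]+)*)|\s+(all versions))?"
)

# Pulls "7.4.8" (or "25.3.b") out of a raw string such as "v7.4.8,build2795,250523 (GA.F)".
VERSION_RE = re.compile(r"\bv?(\d+(?:\.[0-9a-z]+)+)")


def version_key(v: str) -> tuple:
    """Sortable key: numeric components compare as ints, letters (e.g. '.b') as strings."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


@dataclass(frozen=True)
class AffectedRange:
    product: str
    low: str
    high: Optional[str]   # None for "all versions" and for single releases
    all_versions: bool

    def contains(self, version: str) -> bool:
        v = version_key(version)
        if self.all_versions:
            # "7.2 all versions": every release whose leading components are 7.2
            prefix = version_key(self.low)
            return v[: len(prefix)] == prefix
        if self.high is None:
            return v == version_key(self.low)
        return version_key(self.low) <= v <= version_key(self.high)   # "through" is inclusive


def parse_affected(text: str) -> list[AffectedRange]:
    """All (product, range) clauses found in one advisory description."""
    return [AffectedRange(m.group(1), m.group(2), m.group(3), m.group(4) is not None)
            for m in ENTRY_RE.finditer(text)]


def normalize_version(raw: str) -> str:
    """Reduce a device-reported string to the bare version number."""
    m = VERSION_RE.search(raw)
    if not m:
        raise ValueError(f"no version number in {raw!r}")
    return m.group(1)


def affected_cves(product: str, raw_version: str, advisories: dict = ADVISORIES) -> list[str]:
    """CVE IDs whose advisory lists this product at this version (order as in `advisories`)."""
    version = normalize_version(raw_version)
    return [cve for cve, text in advisories.items()
            if any(r.product == product and r.contains(version) for r in parse_affected(text))]


if __name__ == "__main__":
    # Constructed inventory lines; build numbers are made up for the demo.
    inventory = [
        ("FortiWeb", "7.6.4"),
        ("FortiWeb", "7.6.5"),
        ("FortiOS", "Version: FortiGate-100F v7.2.11,build1740,250101 (GA.F)"),
        ("FortiClientWindows", "7.2.9"),
    ]
    for product, raw in inventory:
        hits = affected_cves(product, raw)
        print(f"{product} {normalize_version(raw)}: {', '.join(hits) if hits else 'not in listed ranges'}")
```

The whole-branch rule ("all versions") is the one that bites in practice: a FortiOS 7.2.11 firewall is inside CVE-2025-58413 even though 7.2.11 is newer than the 7.4.8 upper bound of the neighbouring range, because branches are not ordered against each other. When you extend `ADVISORIES` with the other rows from the table, keep the wording verbatim so the clause regex keeps matching.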