Fortinet has published a security advisory highlighting vulnerabilities in the following products on July 8th and updated it on July 14th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated.
- FortiAnalyzer – multiple versions
- FortiAnalyzer Cloud – multiple versions
- FortiIsolator – multiple versions
- FortiManager – multiple versions
- FortiManager Cloud – multiple versions
- FortiOS 7.6 – versions 7.6.0 to 7.6.1
- FortiOS 7.4 – versions 7.4.0 to 7.4.7
- FortiOS 7.2 – versions 7.2.0 to 7.2.11
- FortiOS 7.0 – versions 7.0.1 to 7.0.16
- FortiProxy 7.6 – versions 7.6.0 to 7.6.1
- FortiProxy 7.4 – versions 7.4.0 to 7.4.8
- FortiProxy 7.2 – versions 7.2.0 to 7.2.13
- FortiProxy 7.0 – versions 7.0.0 to 7.0.20
- FortiSandbox – multiple versions
- FortiVoice 6.4 – versions 6.4.0 to 6.4.10
- FortiVoice 7.0 – versions 7.0.0 to 7.0.6
- FortiVoice 7.2 – versions 7.2.0
- FortiWeb – multiple versions
Update 1
CVE-2025-25257: Unauthenticated SQL injection in GUI affecting:
- FortiWeb 7.6 – versions 7.6.0 to 7.6.3
- FortiWeb 7.4 – versions 7.4.0 to 7.4.7
- FortiWeb 7.2 – versions 7.2.0 to 7.2.10
- FortiWeb 7.0 – versions 7.0.0 to 7.0.10
For more information on these updates, you can follow this URL:
The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.
PDF Download: Fortinet Security Advisory
References