Alert GCSA-25088 - Multiple vulnerabilities in Fortinet products

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

******************************************************************

Alert ID: GCSA-25088
Date: 14 July 2025
Title: Multiple vulnerabilities in Fortinet products

******************************************************************


:: Problem description

Fortinet has released updates that fix several vulnerabilities
in its products:

FG-IR-24-437 SQL injection in forward module
FG-IR-24-511 PKI via API: Authentication granted with an invalid certificate
FG-IR-25-026 Heap-based buffer overflow in cw_stad daemon
FG-IR-24-053 DNS type 65 resource record requests bypass DNS filter
FG-IR-25-151 Unauthenticated SQL injection in GUI

More information is available in the "References" section.


:: Affected software / technologies

FortiOS
FortiProxy
FortiManager
FortiAnalyzer
FortiSASE
FortiWeb


:: Impact

Remote execution of arbitrary code (RCE)
Security restriction bypass (SRB)
Information disclosure (ID)


:: Solutions

Apply the updates released by the vendor:

https://fortiguard.fortinet.com/psirt/FG-IR-24-437
https://fortiguard.fortinet.com/psirt/FG-IR-24-511
https://fortiguard.fortinet.com/psirt/FG-IR-25-026
https://fortiguard.fortinet.com/psirt/FG-IR-24-053
https://fortiguard.fortinet.com/psirt/FG-IR-25-151


:: References

Fortinet
https://www.fortiguard.com/psirt

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25257




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCaHTNVw0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBC0xYAn0mQXk2B/zrGLInk0wQqu20VwTOwAJ9DQk6ae/ig
zqKXlS0xQmm858gzXw==
=o2+I
-----END PGP SIGNATURE-----