Customers who can’t improve are suggested to filter communications on port 7900, which is utilized by the phMonitor part to watch the well being of system processes and to distribute duties to them.
Fortinet additionally fastened a excessive severity authentication bypass flaw, CVE-2024-26009, in FortiOS, FortiProxy, and FortiPAM. The vulnerability can solely be exploited on units managed by a FortiManager equipment by way of the proprietary FGFM protocol, and the attacker is aware of the system’s serial quantity. If exploitation is profitable, attackers can execute arbitrary code and instructions on the system.
Different fixes launched this week handle medium-risk flaws in varied merchandise, together with a path traversal leading to arbitrary file overwrite (CVE-2024-52964) and unauthorized command execution, a double-free reminiscence concern (CVE-2023-45584) resulting in unauthorized code execution, an incorrect privilege task in Safety Material (CVE-2025-53744) resulting in privilege escalation, and an integer overflow (CVE-2025-25248) resulting in denial of service.
