cvelistv5 - cve-2024-54020

CVE-2024-54020 (GCVE-0-2024-54020)

Vulnerability from cvelistv5

Published

2025-05-28 07:55

Modified

2025-05-28 14:21

Severity ?

2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE

CWE-862 - Improper access control

Summary

A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.

References

URL

	Vendor	Product	Version
	Fortinet	FortiManager	Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.7 cpe:2.3:o:fortinet:fortimanager:7.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.0:::::::*

CERTFR-2025-AVI-0399

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.3
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.10
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.7
Fortinet	FortiNDR	FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet	FortiClientEMS	FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.6
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.8
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.4
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.7
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiClient	FortiClientMac versions 7.x antérieures à 7.2.9
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.6
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.1.4
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.2
Fortinet	FortiClientEMS	FortiClientEMS versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiVoice	FortiVoiceUCDesktop versions antérieures à 7.0
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.8
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.6

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-472	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-552	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-381	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-548	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-025	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-388	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-380	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-016	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-254	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-023	2025-05-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
    },
    {
      "name": "CVE-2025-47294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
    },
    {
      "name": "CVE-2025-24473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
    },
    {
      "name": "CVE-2024-54020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
    },
    {
      "name": "CVE-2025-46777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
    },
    {
      "name": "CVE-2024-35281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
    },
    {
      "name": "CVE-2025-32756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
    },
    {
      "name": "CVE-2025-22252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
    },
    {
      "name": "CVE-2025-47295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
    },
    {
      "name": "CVE-2025-22859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
    }
  ]
}

ghsa-jj5f-jxf3-25vx

Vulnerability from github

Published

2025-05-28 09:31

Modified

2025-05-28 09:31

Severity ?

2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-54020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-28T08:15:20Z",
    "severity": "LOW"
  },
  "details": "A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.",
  "id": "GHSA-jj5f-jxf3-25vx",
  "modified": "2025-05-28T09:31:26Z",
  "published": "2025-05-28T09:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54020"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2024-54020

Vulnerability from fkie_nvd

Published

2025-05-28 08:15

Modified

2025-06-04 14:34

Severity ?

2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-023	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	fortimanager	*
	fortinet	fortimanager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5248A7F-5122-4C07-8A4C-FE7A0BA07CF2",
              "versionEndExcluding": "7.0.8",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C654DFBA-E3B0-4865-9088-13385A428E78",
              "versionEndExcluding": "7.2.2",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests."
    },
    {
      "lang": "es",
      "value": "Una autorizaci\u00f3n faltante en las versiones 7.2.0 a 7.2.1 y 7.0.0 a 7.0.7 de Fortinet FortiManager puede permitir que un atacante autenticado sobrescriba las fuentes de amenazas globales a trav\u00e9s de solicitudes de actualizaci\u00f3n manipuladas."
    }
  ],
  "id": "CVE-2024-54020",
  "lastModified": "2025-06-04T14:34:54.323",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-28T08:15:20.043",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

ncsc-2025-0166

Vulnerability from csaf_ncscnl

Published

2025-05-14 08:41

Modified

2025-05-14 08:41

Summary

Kwetsbaarheden verholpen in Fortinet producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Fortinet heeft kwetsbaarheden verholpen in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager en FortiWeb.

Interpretaties

De kwetsbaarheden omvatten een OS Command Injection die lokale aanvallers in staat stelt om ongeautoriseerde code uit te voeren door CLI-commando-argumenten te manipuleren. Daarnaast zijn er kwetsbaarheden die het mogelijk maken voor aanvallers om ongeautoriseerde wijzigingen aan te brengen in globale dreigingsfeeds en om authenticatie te omzeilen, wat leidt tot administratieve toegang tot de apparaten. Ook zijn er kwetsbaarheden die kunnen leiden tot denial-of-service door het versturen van speciaal vervaardigde verzoeken. Deze kwetsbaarheden kunnen leiden tot controle over de getroffen systemen.

Oplossingen

Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-222

Truncation of Security-relevant Information

CWE-364

Signal Handler Race Condition

CWE-134

Use of Externally-Controlled Format String

CWE-354

Improper Validation of Integrity Check Value

CWE-190

Integer Overflow or Wraparound

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-757

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Fortinet heeft kwetsbaarheden verholpen in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager en FortiWeb.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten een OS Command Injection die lokale aanvallers in staat stelt om ongeautoriseerde code uit te voeren door CLI-commando-argumenten te manipuleren. Daarnaast zijn er kwetsbaarheden die het mogelijk maken voor aanvallers om ongeautoriseerde wijzigingen aan te brengen in globale dreigingsfeeds en om authenticatie te omzeilen, wat leidt tot administratieve toegang tot de apparaten. Ook zijn er kwetsbaarheden die kunnen leiden tot denial-of-service door het versturen van speciaal vervaardigde verzoeken. Deze kwetsbaarheden kunnen leiden tot controle over de getroffen systemen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "Signal Handler Race Condition",
        "title": "CWE-364"
      },
      {
        "category": "general",
        "text": "Use of Externally-Controlled Format String",
        "title": "CWE-134"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
        "title": "CWE-757"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-381"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-388"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-167"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-490"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-122"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-472"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Fortinet producten",
    "tracking": {
      "current_release_date": "2025-05-14T08:41:08.980708Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0166",
      "initial_release_date": "2025-05-14T08:41:08.980708Z",
      "revision_history": [
        {
          "date": "2025-05-14T08:41:08.980708Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1363392",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fortinet FortiOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-2002532",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "fortiproxy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1363409",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fortinet FortiAnalyzer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1363397",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fortinet FortiManager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-2838319"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiClient"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-2838320"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiClient-EMS"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-42788",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-42788",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42788.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2023-42788"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        },
        {
          "category": "other",
          "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
          "title": "CWE-757"
        },
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2024-6387",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Signal Handler Race Condition",
          "title": "CWE-364"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6387",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
        }
      ],
      "title": "CVE-2024-6387"
    },
    {
      "cve": "CVE-2024-45324",
      "cwe": {
        "id": "CWE-134",
        "name": "Use of Externally-Controlled Format String"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Externally-Controlled Format String",
          "title": "CWE-134"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45324",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45324.json"
        }
      ],
      "title": "CVE-2024-45324"
    },
    {
      "cve": "CVE-2024-54020",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-54020",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54020.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2024-54020"
    },
    {
      "cve": "CVE-2025-22252",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-22252",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22252.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-22252"
    },
    {
      "cve": "CVE-2025-26466",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26466",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26466.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-26466"
    },
    {
      "cve": "CVE-2025-47294",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-47294",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-47294.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-47294"
    },
    {
      "cve": "CVE-2025-47295",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-47295",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-47295.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-47295"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-54020 (GCVE-0-2024-54020)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0399

Vulnerability from certfr_avis

Solutions

ghsa-jj5f-jxf3-25vx

Vulnerability from github

fkie_cve-2024-54020

Vulnerability from fkie_nvd

ncsc-2025-0166

Vulnerability from csaf_ncscnl

Tags

Sightings

Nomenclature