Critical RCE Bug Opens Fortinets Secure Web Gateway to Takeover

Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.

Fortinet is warning users to patch a critical remote code execution (RCE) vulnerability in the FortiOS operating system, and in the FortiProxy secure Web gateway.
An alert this week from FortiGuard Labs said a heap buffer underflow bug in the administrative interface could allow an unauthenticated, remote cyberattacker to execute code on a device running the platforms. The vulnerability could also allow a threat actor to perform a denial-of-service (DoS) attack on the GUI of devices running the vulnerable code, Fortinet added.
Fortinet has issued a
security update for FortiOS and FortiProxy
interfaces, and noted that no exploitation has been detected yet.
Fortinet is not aware of any instance where this vulnerability was exploited in the wild, the alert explained. We continuously review and test the security of our products, and this vulnerability was internally discovered within that frame.
This is the latest bug to come to light in the popular security appliance vendors gear. Just late last month,
Fortinet urged FortiNAC users to update their systems
against a flaw that allowed unauthenticated attackers to write arbitrary system files.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Critical RCE Bug Opens Fortinets Secure Web Gateway to Takeover