Article

Alert: Compiled Fortinet Security Updates – May 2025

Fortinet has released a security update addressing multiple vulnerabilities in its products. These vulnerabilities affect several Fortinet products, including but not limited to FortiOS, FortiWeb, FortiAnalyzer, FortiSIEM and FortiSOAR.

Affected Systems:

The affected systems and versions include, but are not limited to:

FortiOS: 7.6.0, 7.4.4 - 7.4.6, 7.2.0 - 7.2.9, 7.0.0 - 7.0.15, 6.4.0 - 6.4.15, 6.2.0 - 6.2.16.
FortiWeb: 7.6.0, 7.4.0 - 7.4.5, 7.2.0 - 7.2.10, 7.0.0 - 7.0.10, 6.4.0-6.4.15, 6.2.0-6.2.16.
FortiAnalyzer: 7.6.0 - 7.6.2, 7.4.3 - 7.4.6, 7.2.5 - 7.2.10, 7.0.12 - 7.0.13, 6.4.14 - 6.4.15, 6.2.0 - 6.2.11.
FortiMail: 7.4.0 - 7.4.2, 7.2.0 - 7.2.6, 7.0.0 - 7.0.7, 6.4.0 - 6.4.8, all versions of 6.2.
FortiSIEM: 7.1.0 - 7.1.3, all versions of 7.0, 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 5.4, 5.3.
FortiSOAR: 7.4.0 - 7.4.2, all versions of 7.3, 7.2, 7.0, 6.4.

Security Risks

The successful exploitation of vulnerabilities in Fortinet software poses a significant security risk, allowing cybercriminals to escalate privileges, execute arbitrary code, and disrupt or compromise the affected systems.

For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

Follow Fortinet Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.
Apply the required and latest security updates as soon as possible.

The released software versions for upgrade include, but are not limited to:

FortiOS: Upgrade to 7.6.1+, 7.4.7+, 7.2.10+, 7.0.16+, 6.4.16+, 6.2.17+.
FortiWeb: Upgrade to 7.6.1+, 7.4.6+, 7.2.11+, 7.0.11+, 6.4.16+, 6.2.17+.
FortiAnalyzer: Upgrade to 7.6.3+, 7.4.7+, 7.2.11+, or a fixed release for 7.0.13, 6.4.15, 6.2.12+.
FortiMail: Upgrade to 7.4.3+, 7.2.7+, 7.0.8+, 6.4.9+, or migrate to a fixed release for 6.2.
FortiSIEM: Upgrade to 7.1.4+, or migrate to a fixed release for all versions below.
FortiSOAR: Upgrade to 7.4.3+, or migrate to a fixed release for all versions below.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

https://www.fortiguard.com/psirt

15 May 2025

More updates

15 May 2025

Alert: Microsoft Security Updates – May 2025

Microsoft has released security updates to address 72 vulnerabilities in its software.

14 May 2025

Alert: Apple Security Updates – May 2025

Apple has released urgent security updates to address a vulnerability affecting multiple products.

09 May 2025

Alert: Cisco Security Updates - May 2025

Cisco has released security updates to address vulnerabilities in multiple Cisco products.

09 May 2025

Alert: Fortinet Security Updates – May 2025

Fortinet has released security updates to address vulnerabilities in its products.

Fortinet has released a security update addressing multiple vulnerabilities in its products. These vulnerabilities affect several Fortinet products, including but not limited to FortiOS, FortiWeb, FortiAnalyzer, FortiSIEM and FortiSOAR.

Affected Systems:

The affected systems and versions include, but are not limited to:

FortiOS: 7.6.0, 7.4.4 - 7.4.6, 7.2.0 - 7.2.9, 7.0.0 - 7.0.15, 6.4.0 - 6.4.15, 6.2.0 - 6.2.16.

FortiWeb: 7.6.0, 7.4.0 - 7.4.5, 7.2.0 - 7.2.10, 7.0.0 - 7.0.10, 6.4.0-6.4.15, 6.2.0-6.2.16.

FortiAnalyzer: 7.6.0 - 7.6.2, 7.4.3 - 7.4.6, 7.2.5 - 7.2.10, 7.0.12 - 7.0.13, 6.4.14 - 6.4.15, 6.2.0 - 6.2.11.

FortiMail: 7.4.0 - 7.4.2, 7.2.0 - 7.2.6, 7.0.0 - 7.0.7, 6.4.0 - 6.4.8, all versions of 6.2.

FortiSIEM: 7.1.0 - 7.1.3, all versions of 7.0, 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 5.4, 5.3.

FortiSOAR: 7.4.0 - 7.4.2, all versions of 7.3, 7.2, 7.0, 6.4.

Security Risks

The successful exploitation of vulnerabilities in Fortinet software poses a significant security risk, allowing cybercriminals to escalate privileges, execute arbitrary code, and disrupt or compromise the affected systems.

For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

Follow Fortinet Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.

Apply the required and latest security updates as soon as possible.

The released software versions for upgrade include, but are not limited to:

FortiOS: Upgrade to 7.6.1+, 7.4.7+, 7.2.10+, 7.0.16+, 6.4.16+, 6.2.17+.

FortiWeb: Upgrade to 7.6.1+, 7.4.6+, 7.2.11+, 7.0.11+, 6.4.16+, 6.2.17+.

FortiAnalyzer: Upgrade to 7.6.3+, 7.4.7+, 7.2.11+, or a fixed release for 7.0.13, 6.4.15, 6.2.12+.

FortiMail: Upgrade to 7.4.3+, 7.2.7+, 7.0.8+, 6.4.9+, or migrate to a fixed release for 6.2.

FortiSIEM: Upgrade to 7.1.4+, or migrate to a fixed release for all versions below.

FortiSOAR: Upgrade to 7.4.3+, or migrate to a fixed release for all versions below.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

https://www.fortiguard.com/psirt

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224