Fortinet Issues Advisory On Old Vulnerability – Check That You Are Patched

by Mike Puglia


Fortinet has recently issued an advisory that a five-year-old vulnerability from 2020 (CVE-2020-12812) is being actively exploited in the wild. The vulnerability enables attackers to bypass 2FA with certain firewall configurations and was patched in releases 6.4.1, 6.2.4 and 6.0.10. Whether Fortinet updated this advisory because multiple compromises were detected or for research purposes, the resolution is the same: check all your firewalls and make sure they are updated to the latest version.

Throughout 2025, attackers have turned their attention to firewall vulnerabilities as an attractive vector for compromise. Being online 24×7 and directly connected to the internet, firewalls make a natural target. Once one is compromised, attackers have a foothold on the internal network from which to perform further reconnaissance, lateral movement and privilege escalation, and ultimately to exfiltrate data and deploy ransomware. This trend is not unique to Fortinet: in 2025 we saw exploitation across virtually every major firewall vendor (see our recent articles on Cisco and SonicWall).

If you are running Fortinet products, now is a good time to check that they are up to date with patches, given the vulnerabilities released over the past six months. The following are known to be actively exploited:

  • Product: Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass
  • Affected Versions: See vendor advisory at the link below
  • CVE: CVE-2025-59718 & CVE-2025-59718 (CVSS 9.1 out of 10)
  • Publish Date: 9 December 2025
  • Type: Improper Verification of Cryptographic Signature
  • Advisory: https://www.fortiguard.com/psirt/FG-IR-25-647
  • First Patched Version: See vendor advisory at the link above
  • Status: Actively Exploited

  • Product: FortiWeb
  • Affected Versions: 7.0.0-7.0.11, 7.2.0-7.2.11, 7.4.0-7.4.10, 7.6.0-7.6.5, 8.0.0-8.0.1
  • CVE: CVE-2025-58034 (CVSS 6.7 out of 10)
  • Publish Date: 18 November 2025
  • Type: Multiple OS command injection in API and CLI
  • Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-513
  • First Patched Version: 7.0.12, 7.2.12, 7.4.11, 7.6.6, 8.0.2
  • Status: Actively Exploited

  • Product: FortiWeb
  • Affected Versions: 7.0.0-7.0.10, 7.2.0-7.2.10, 7.4.0-7.4.7, 7.6.0-7.6.3
  • CVE: CVE-2025-25257 (CVSS 9.6 out of 10)
  • Publish Date: 8 July 2025
  • Type: Unauthenticated SQL injection in GUI
  • Advisory: https://www.fortiguard.com/psirt/FG-IR-25-151
  • First Patched Version: 7.0.11, 7.2.11, 7.4.8, 7.6.4
  • Status: Actively Exploited
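The "check that you are patched" step above, turned into a version check you can run against an inventory export (an added example, not the article's or Fortinet's code). The FortiWeb ranges are copied from the list above; the FortiOS rows for CVE-2020-12812 are an assumption derived from the "patched with 6.4.1, 6.2.4, 6.0.10" statement, and the function names are this example's own.

```python
"""Check a Fortinet firmware version against the affected/fixed ranges the
article lists. Data rows come from the article; ADVISORIES, parse_version and
exposures are names chosen for this example."""

# (product, cve, affected_low, affected_high, first_patched), inclusive ranges.
# FortiWeb rows are verbatim from the article. FortiOS rows are an ASSUMPTION
# derived from the article's patched releases: everything below the fix on that
# branch is treated as unpatched (the article gives no lower bounds).
ADVISORIES = [
    ("FortiWeb", "CVE-2025-58034", "7.0.0", "7.0.11", "7.0.12"),
    ("FortiWeb", "CVE-2025-58034", "7.2.0", "7.2.11", "7.2.12"),
    ("FortiWeb", "CVE-2025-58034", "7.4.0", "7.4.10", "7.4.11"),
    ("FortiWeb", "CVE-2025-58034", "7.6.0", "7.6.5", "7.6.6"),
    ("FortiWeb", "CVE-2025-58034", "8.0.0", "8.0.1", "8.0.2"),
    ("FortiWeb", "CVE-2025-25257", "7.0.0", "7.0.10", "7.0.11"),
    ("FortiWeb", "CVE-2025-25257", "7.2.0", "7.2.10", "7.2.11"),
    ("FortiWeb", "CVE-2025-25257", "7.4.0", "7.4.7", "7.4.8"),
    ("FortiWeb", "CVE-2025-25257", "7.6.0", "7.6.3", "7.6.4"),
    ("FortiOS", "CVE-2020-12812", "6.0.0", "6.0.9", "6.0.10"),
    ("FortiOS", "CVE-2020-12812", "6.2.0", "6.2.3", "6.2.4"),
    ("FortiOS", "CVE-2020-12812", "6.4.0", "6.4.0", "6.4.1"),
]

def parse_version(text):
    """'v7.4.10' -> (7, 4, 10). Tuples compare numerically, so 7.4.10 > 7.4.8;
    a plain string comparison would rank them the wrong way round."""
    return tuple(int(p) for p in text.strip().lower().lstrip("v").split("."))

def exposures(product, version):
    """Return (findings, branch_known). findings lists (cve, first_patched) for
    every range the version falls into. branch_known is False when the article
    has no row for this major.minor branch, so an empty result then means
    'no data for this branch', not 'safe'."""
    v = parse_version(version)
    findings, branch_known = [], False
    for prod, cve, low, high, fixed in ADVISORIES:
        if prod != product:
            continue
        if parse_version(low)[:2] == v[:2]:
            branch_known = True
        if parse_version(low) <= v <= parse_version(high):
            findings.append((cve, fixed))
    return findings, branch_known

if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for prod, ver in [("FortiWeb", "7.4.9"), ("FortiWeb", "8.0.2"), ("FortiOS", "6.2.3")]:
        print(prod, ver, exposures(prod, ver))
```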

Mike Puglia

General Manager, Security Products

Mike Puglia brings over 25 years of technology, strategy, and cybersecurity experience to his role as Kaseya’s General Manager of Security Products. He is responsible for all products across Kaseya’s portfolio of security solutions.

Prior to joining Kaseya, Mike led the technical program management integration of real-time collaboration technologies into Salesforce’s Chatter Social Enterprise platform. Earlier in his career, Mike served in technical and product roles at application security company Veracode, database security company Lumigent Technologies and network security company Bluesocket.

Mike holds a Bachelor of Science in Electrical Engineering from the University of New Hampshire and an MBA from the Carroll Graduate School of Management at Boston College.