InfoSecBulletin Cybersecurity for mankind
Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take control of affected systems.
CISA encourages users and administrators to review the following advisories and apply necessary updates.
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
FG-IR-23-396 ReadOnly Users Could Run Some Sensitive Operations:
A client-side enforcement of server-side security vulnerability [CWE-602] in FortiAnalyzer may allow an authenticated attacker with at least read-only permission to execute sensitive operations via crafted requests.
FG-IR-23-475 FortiOS – SSLVPN Session Hijacking Using SAML Authentication:
A session fixation vulnerability [CWE-384] in FortiOS may allow an unauthenticated attacker to hijack user session via a phishing SAML authentication link.
FG-IR-24-144 Privilege Escalation via Lua Auto Patch Function:
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows may allow an authenticated user to escalate their privileges via lua auto patch scripts.
FG-IR-24-199 Named Pipes Improper Access Control:
An authentication bypass using an alternate path or channel vulnerability (CWE-288) in FortiClient (Windows) may allow a low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
