#FortiClientEMS
LightNews LightNews
euvd-bot.bsky.social
🚨 EUVD-2026-2239
📊 6.8/10
🏢 Fortinet

📝 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-2239

#cybersecurity #infosec #cve #euvd
January 13, 2026 at 10:40 PM
cve.skyfleet.blue
CVE-2025-59922 - Fortinet FortiClientEMS SQL Injection Vulnerability
CVE ID : CVE-2025-59922

Published : Jan. 13, 2026, 5:15 p.m. | 14 minutes ago

Description : An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89]...
CVE-2025-59922 - Fortinet FortiClientEMS SQL Injection Vulnerability
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code …
cvefeed.io
January 13, 2026 at 6:03 PM
isecprep.bsky.social
The Fortinet NSE 6 – FortiClient EMS 7.4 (FCP_FCT_AD-7.4) certification requires mastery of EMS configuration, endpoint posture, and SASE-driven access control.

Read more: www.isecprep.com/wp-content/u...

#Fortinet #FCP_FCT_AD74 #FortiClientEMS #SASE #CyberSecurity
Cover page displaying the title ‘Fortinet FCP_FCT_AD-7.4 FortiClient EMS Administrator Certification Questions & Answers’ with the nwexam.com networking certification guide logo.
November 13, 2025 at 8:03 AM
2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 thro... A Relative Pat...

https://cve.threatint.eu/CVE/CVE-2025-22859?utm_campaign=info&utm;_medium=rss&utm;_source=website

Result Details
CVE-2025-22859 | THREATINT
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.
cve.threatint.eu
May 13, 2025 at 3:31 PM
vulnerability-lookup.social.circl.lu.ap.brid.gy
You can now share your thoughts on vulnerability CVE-2025-22855 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-22855

Fortinet - FortiClientEMS

#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-22855
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
April 8, 2025 at 2:27 PM
vulnerability-lookup.social.circl.lu.ap.brid.gy
You can now share your thoughts on vulnerability CVE-2019-16149 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2019-16149

Fortinet - FortiClientEMS

#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2019-16149
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
March 28, 2025 at 9:48 AM
cve-notifications.bsky.social
ID: CVE-2024-36510
CVSS V3.1: MEDIUM
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all...
#security #infosec #cve-alert
nvd.nist.gov
January 14, 2025 at 2:17 PM
cve-notifications.bsky.social
ID: CVE-2024-36506
CVSS V3.1: LOW
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature...
#security #infosec #cve-alert
nvd.nist.gov
January 14, 2025 at 2:17 PM
cve-notifications.bsky.social
ID: CVE-2024-23106
CVSS V3.1: HIGH
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS...
#security #infosec #cve-alert
nvd.nist.gov
January 14, 2025 at 2:16 PM
kitafox.bsky.social
パッチを当てたFortiClient EMSの脆弱性を悪用する攻撃者

Attackers exploiting a patched FortiClient EMS vulnerability in the wild #Kaspersky (Dec 19)

#FortiClientEMS #SQLインジェクション #ゼロデイ脆弱性 #リモートコード実行 #セキュリティアップデート
Attackers exploiting a FortiClient EMS vulnerability in the wild
Kaspersky's GERT experts describe an incident with initial access to enterprise infrastructures through a FortiClient EMS vulnerability that allowed SQL injections.
buff.ly
December 20, 2024 at 1:30 AM
cve-notifications.bsky.social
ID: CVE-2024-33508
CVSS V3.1: HIGH
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to...
#security #infosec #cve-alert
nvd.nist.gov
September 10, 2024 at 3:16 PM
cve-notifications.bsky.social
ID: CVE-2024-21753
CVSS V3.1: MEDIUM
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1...
#security #infosec #cve-alert
nvd.nist.gov
September 10, 2024 at 3:16 PM
infosec.skyfleet.blue
Fortinet warns users that FortiClientEMS flaw is actively exploited by hackers
Fortinet warns users that FortiClientEMS flaw is actively exploited by hackers
Fortinet has alerted users about an actively exploited SQL Injection vulnerability in specific versions of FortiClient Enterprise Management Server (EMS), from 7.2.0 to 7.2.2 and 7.0.1 to 7.0.10. Highlighted by a proof-of-concept from Horizon3.ai, the exploit's simplicity raises concerns. Fortinet strongly recommends users, especially those with affected SSL VPNs, to update their systems immediately to prevent potential attacks.
beyondmachines.net
March 22, 2024 at 7:34 PM
heisec.bsky.social
Eine kritische Schwachstelle in FortiClientEMS wird inzwischen aktiv angegriffen. Zudem ist ein Proof-of-Concept-Exploit öffentlich geworden.
Kritische Sicherheitslücke in FortiClientEMS wird angegriffen
Eine kritische Schwachstelle in FortiClientEMS wird inzwischen aktiv angegriffen. Zudem ist ein Proof-of-Concept-Exploit öffentlich geworden.
www.heise.de
March 22, 2024 at 8:44 AM
theitnerd.ca
Fortinet FortiClientEMS SQL Injection Deep Dive & Proof Of Concept

itnerd.blog/2024/03/21/f...
March 21, 2024 at 5:22 PM
r-netsec.bsky.social
CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive and IOCs
CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive and IOCs
www.horizon3.ai
March 21, 2024 at 1:39 PM
buherator.bsky.social
[RSS] CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive

https://www.horizon3.ai/attack-research/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/


Original post
March 21, 2024 at 11:08 AM
ninjaowl.ai
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software #cybersecurity #infosec #privacy #news thehackernews.com/20...
March 14, 2024 at 9:39 AM
techit.bsky.social
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

#thehackersnews
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet warns of a severe flaw in FortiClientEMS allowing attackers to execute code remotely. CVE-2023-48788 has a CVSS score of 9.3.
thehackernews.com
March 14, 2024 at 5:20 AM
infosec.skyfleet.blue
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet warns of a severe flaw in FortiClientEMS allowing attackers to execute code remotely. CVE-2023-48788 has a CVSS score of 9.3.
thehackernews.com
March 14, 2024 at 5:16 AM
greynoise.io
We published a tag today for CVE-2023-48788, a CVSS 9.8 SQL injection vulnerability in FortiNet FortiClientEMS, thanks to our friends at horizon3ai. viz.greynoise.io/tags/fortine...
March 13, 2024 at 9:31 PM
infosec.skyfleet.blue
Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS
Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS
Fortinet released security updates to address critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS.
securityaffairs.com
March 13, 2024 at 7:07 PM
heisec.bsky.social
Fortinet hat zum März-Patchday Sicherheitslücken in FortiOS, FortiProxy, FortiClientEMS und im FortiManager geschlossen.
Fortinet-Patchday: Kritische Lücken in FortiOS, FortiProxy und FortiClientEMS
Fortinet hat zum März-Patchday Sicherheitslücken in FortiOS, FortiProxy, FortiClientEMS und im FortiManager geschlossen.
www.heise.de
March 13, 2024 at 1:17 PM
mrbyte.bsky.social
Oggi è stata la giornata della caccia al fortigate.

Fortinet Releases Security Advisories for FortiOS and FortiClientEMS | CISA www.cisa.gov/news-events/... #infosec
Fortinet Releases Security Advisories for FortiOS and FortiClientEMS | CISA
www.cisa.gov
February 9, 2024 at 7:58 PM