Vulnerability Watch

Anonymous
3 years ago

Fortinet Patches Zero Day in FortiOS SSL VPNs (CVE-2022-42475)

On December 12, Fortinet published an advisory for a vulnerability affecting several versions of FortiOS used in its FortiGate secure socket layer virtual private network (SSL VPN) and firewall products. This vulnerability was originally disclosed publicly on December 9, and Fortinet states that it has been exploited in the wild.

CVE-2022-42475 is a heap-based buffer overflow in several versions of FortiOS that received a CVSSv3 score of 9.3. A remote, unauthenticated attacker could exploit this vulnerability with a specially crafted request and gain code execution.

For more information, please visit our blog.