Router CVE Weekly Digest — Week of Nov 17, 2025

Published November 17, 2025 · RouterCVE Weekly Digest

21 CVEs · 1 Critical · 8 High · 10 Medium · 1 Low

Affected Vendors This Week

  • Fortinet — 16 CVEs (1 high, 8 medium, 7 other)
  • Zyxel — 2 CVEs (1 high, 1 medium)
  • SonicWall — 1 CVE (1 critical)
  • Digi — 1 CVE (1 high)
  • TP-Link — 1 CVE (1 unrated)

This week brought 21 new router and network appliance CVEs, including one critical vulnerability that demands immediate attention. Fortinet dominates the volume with 16 disclosures spanning multiple product lines, while a severe code integrity issue in SonicWall Email Security poses the highest risk across the board.

Critical Priority

CVE-2025-40604 (CVSS 9.8) affects SonicWall Email Security appliances. This vulnerability allows attackers to load root filesystem images without signature verification, potentially giving them complete control over the system. If you run SonicWall Email Security, verify your firmware version immediately and apply available patches. This is a remote code execution risk that should be treated as urgent.

High-Severity Fortinet Issues

Fortinet faced a heavy week with multiple high-severity flaws across its product ecosystem. CVE-2025-58692 (CVSS 8.8) is an SQL injection in the FortiVoice 7.0 and 7.2 branches that could allow database compromise. CVE-2025-47761 and CVE-2025-46373 both affect FortiClientWindows (versions 7.2–7.4), introducing an access control bypass and a heap buffer overflow respectively; these may require endpoint patching across your fleet.

FortiOS itself has two stack-based buffer overflow vulnerabilities: CVE-2025-58413 and CVE-2025-53843 (both CVSS 7.5), impacting versions 6.4 through 7.6. CVE-2025-58034 (CVSS 7.2) is an OS command injection flaw in FortiWeb that could allow remote code execution. Review your FortiOS and FortiWeb versions against the affected ranges and schedule patches accordingly.

Other Notable Vulnerabilities

CVE-2025-8693 (CVSS 8.8) is a post-authentication command injection in Zyxel DX3300-T0 devices running firmware 5.50(ABVY.6.3)C0 and earlier. While it requires prior authentication, it still poses risk in multi-tenant or compromised-credential scenarios. CVE-2025-13319 (CVSS 8.8) affects Digi On-Prem Manager: an SQL injection via API tokens that is only dangerous if API access is enabled, so confirm the API is disabled, or patch if it is in use.

Fortinet's FortiExtender also carries a medium-severity buffer overflow (CVE-2025-46776, CVSS 6.4) affecting versions 7.2–7.6. No immediate critical risk, but include it in standard maintenance windows.

Action Items

  • SonicWall users: Patch CVE-2025-40604 immediately if running Email Security.
  • Fortinet customers: Check FortiOS, FortiWeb, FortiVoice, and FortiClientWindows versions against affected ranges. Prioritize stack overflow and injection flaws (CVSS 7.5+).
  • Zyxel administrators: Update DX3300-T0 and DX3301-T0 firmware to latest available.
  • Digi users: Disable On-Prem Manager API unless actively required, then verify patch status.
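As an added example (not part of the digest), a Python triage helper that encodes the branch ranges this digest states and flags matching inventory entries; the inventory, hostnames and the assumption that the Zyxel build string compares numerically within one platform code are constructed here. The digest names affected branches but not fixed builds, so a hit means "check the vendor advisory", not "confirmed vulnerable".

```python
import re
# Fortinet branch ranges (major.minor, inclusive) as stated in the digest. The
# digest lists no fixed builds, so a hit means "check the vendor advisory".
# FortiClientWindows entries carry None: the digest gives no CVSS for them.
FORTINET = [
    ("CVE-2025-58413", "FortiOS", (6, 4), (7, 6), 7.5),
    ("CVE-2025-53843", "FortiOS", (6, 4), (7, 6), 7.5),
    ("CVE-2025-47761", "FortiClientWindows", (7, 2), (7, 4), None),
    ("CVE-2025-46373", "FortiClientWindows", (7, 2), (7, 4), None),
    ("CVE-2025-46776", "FortiExtender", (7, 2), (7, 6), 6.4),
    ("CVE-2025-58692", "FortiVoice", (7, 0), (7, 2), 8.8),
]
ZYXEL_MAX = "5.50(ABVY.6.3)C0"  # CVE-2025-8693: this build and earlier

def fortinet_branch(version):
    """'7.4.3' -> (7, 4): only the branch matters for the digest's ranges."""
    major, minor = version.split(".")[:2]
    return int(major), int(minor)

def zyxel_key(version):
    """'5.50(ABVY.6.3)C0' -> (5, 50, 6, 3, 0); assumes one platform code."""
    m = re.fullmatch(r"(\d+)\.(\d+)\([A-Z]+\.(\d+)\.(\d+)\)C(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Zyxel version: {version}")
    return tuple(int(x) for x in m.groups())

def triage(inventory):
    """(host, product, version) triples -> (host, cve, cvss), highest CVSS first."""
    found = []
    for host, product, version in inventory:
        if product == "DX3300-T0":
            if zyxel_key(version) <= zyxel_key(ZYXEL_MAX):
                found.append((host, "CVE-2025-8693", 8.8))
            continue
        branch = fortinet_branch(version)
        for cve, prod, low, high, cvss in FORTINET:
            if prod == product and low <= branch <= high:
                found.append((host, cve, cvss))
    return sorted(found, key=lambda f: -(f[2] or 0.0))

# Constructed sample inventory; hostnames and versions are not real assets.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.3"),
    ("fw-legacy", "FortiOS", "6.2.9"),              # below the 6.4 floor
    ("ws-1034", "FortiClientWindows", "7.4.1"),
    ("ext-02", "FortiExtender", "7.0.2"),           # below the 7.2 floor
    ("dsl-branch", "DX3300-T0", "5.50(ABVY.6.2)C0"),
    ("dsl-new", "DX3300-T0", "5.50(ABVY.6.4)C0"),  # newer than the stated ceiling
]
```

Running `triage(INVENTORY)` puts the Zyxel hit first, then the two FortiOS stack overflow CVEs, then the FortiClientWindows entries with no digest CVSS; extend FORTINET with the exact fixed builds once you have them from the vendor advisory.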