Official sources used

Fortinet PSIRT, Fortinet upgrade tool, Zyxel security advisories, Zyxel download center

This roundup only references official vendor material. It is meant to shorten the path from “I heard about a firewall issue” to “what fixed version does the vendor actually say to run?”

Zyxel | 2025-04-22

Zyxel USG FLEX H privilege escalation security update

Zyxel published a clean firewall advisory for privilege escalation issues affecting USG FLEX H devices and explicitly called out the patched train.

Fixed version: uOS V1.32
Why it matters: This broadens firewall coverage with a credible second manufacturer that still gives readers clear first-party patch targets.

Fortinet | 2025-01-15 | potentially exploited

FG-IR-24-015: SSL-VPN out-of-bounds write

Fortinet says this FortiOS and FortiProxy issue may allow remote unauthenticated code execution via crafted HTTP requests and notes potential exploitation in the wild.

Key fixed versions: FortiOS 7.4.3+, 7.2.7+, 7.0.14+, and 6.4.15+
Why it belongs here: It combines remote reachability, serious impact, and a crisp vendor upgrade target.

Fortinet | 2025-03-31 | exploited in the wild

FG-IR-24-535: Authentication bypass / super-admin risk

Fortinet says crafted requests may allow a remote attacker to gain super-admin privileges and explicitly notes that the issue is being exploited in the wild.

Key fixed versions: FortiOS 7.0.17+, FortiProxy 7.2.13+, and FortiProxy 7.0.20+
Why it belongs here: Any firewall issue that combines authentication bypass, privilege takeover, and active exploitation deserves a durable static reference page.