โ† Back to Cyber Intelligence News
Live Threat Intelligence API โ€” Query this CVE and all KEV alerts in real-time
cyber.mcp.brunosan.de
Cyber Threat Intelligence VULNERABILITY 🔴 3×KEV

CVE-2022-42475 in Fortinet FortiOS: Confirmed Exploitation Mandates Immediate Action

📅 March 24, 2026 🔴 Exploit Risk: 0.576 📊 Intelligence Score: 98/100 📰 8 sources synthesized
TL;DR — Read this first
Intelligence Metadata
First Reported By: cisa.gov
Outbreak Velocity: 0 minutes spread to 2 unique domains
Consensus: Not available from provided sources.
CVSS Score: 9.8 (Critical)
EPSS Score: 0.93984 (93.98th percentile)
CISA KEV Status: Confirmed
Exploit Risk Score: 0.5759
Race Label: PERSISTENT THREAT

Technical Analysis

CVE-2022-42475 is a heap-based buffer overflow vulnerability in the FortiOS SSL-VPN daemon ('sslvpnd'). A remote, unauthenticated attacker can trigger it by sending a specially crafted request to a vulnerable SSL-VPN interface. Successful exploitation allows the attacker to execute arbitrary code or commands on the affected device, achieving remote code execution (RCE) with root privileges.

The attack does not require any user interaction and targets the pre-authentication stage of the SSL-VPN service, making any exposed device a potential target. The 'PERSISTENT THREAT' race label, based on its KEV addition date of December 13, 2022, indicates that exploit code is mature, publicly available, and has been used by various threat actors over an extended period. The provided source articles in the intelligence cluster were not relevant to the technical specifics of this Fortinet CVE.

Affected Systems

Vendor: Fortinet
Affected Versions:
  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiProxy version 7.2.0 through 7.2.1
  • FortiProxy version 7.0.0 through 7.0.7
Exposure: Publicly facing SSL-VPN interfaces.
Blast Radius: High. Includes any organization utilizing vulnerable versions of Fortinet FortiOS or FortiProxy with the SSL-VPN service exposed to the internet.

Intelligence Context

The combination of a CISA KEV listing and a high EPSS score (93.98%) provides a strong, data-driven signal that CVE-2022-42475 is not a theoretical threat, but one with a high likelihood of active exploitation. The 'PERSISTENT THREAT' label, derived from its presence on the KEV list for over 1100 days, confirms that this is a reliable tool in attacker arsenals. The low vendor risk score (0.08) provided in the input is anomalous and should be disregarded in favor of the KEV and EPSS data. For defenders, this vulnerability represents a critical and urgent priority for patching and investigation, as it provides a direct, unauthenticated path for ingress into a network perimeter.

Remediation & Defense

Patch immediately. Investigate all exposed and vulnerable systems for signs of compromise dating back to the patch release.
Patch Status: Available
Patch Version: Upgrade to FortiOS 7.2.3, 7.0.9, 6.4.11, 6.2.12 or above. Upgrade to FortiProxy 7.2.2, 7.0.8 or above.
Workarounds:
  • If patching is not immediately possible, disable the SSL-VPN service on all affected devices.
  • Implement strict access control lists (ACLs) to limit access to the SSL-VPN interface to trusted IP addresses only.
Detection Hints:
  • Monitor for crash events in the 'sslvpnd' process within FortiOS system logs.
  • Hunt for anomalous outbound connections originating from the Fortinet appliance itself, which could indicate a successful compromise and C2 communication.
  • Review logs for unexpected requests to the '/remote/hostcheck_validate' endpoint.
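As an added example that is not part of this page's sources or Fortinet's own tooling, the following Python helper checks device version banners against the affected ranges and upgrade targets listed in the Affected Systems and Patch Version sections above, so a defender can triage an inventory quickly; the hostnames and banner strings are constructed.

```python
import re

# Inclusive affected ranges and the first fixed release, exactly as listed in
# the Affected Systems and Patch Version sections above.
AFFECTED_RANGES = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 8), (7, 0, 9)),
        ((6, 4, 0), (6, 4, 10), (6, 4, 11)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    ],
    "FortiProxy": [
        ((7, 2, 0), (7, 2, 1), (7, 2, 2)),
        ((7, 0, 0), (7, 0, 7), (7, 0, 8)),
    ],
}

def parse_version(banner):
    """Extract (major, minor, patch) from a banner such as 'v7.0.8,build0418 (GA)'."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no x.y.z version in {banner!r}")
    return tuple(int(part) for part in m.groups())

def assess(product, banner):
    """Return (affected, fixed_version) for one device."""
    version = parse_version(banner)
    # Integer tuples compare numerically, so 6.4.10 correctly sorts after 6.4.9.
    for low, high, fixed in AFFECTED_RANGES.get(product, []):
        if low <= version <= high:
            return True, ".".join(str(n) for n in fixed)
    # Outside every listed train (e.g. 7.4.x): "not in the listed ranges",
    # which is not the same as "known safe".
    return False, None

# Constructed sample inventory (hostname, product, version banner); not real devices.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.8,build0418 (GA)"),
    ("fw-edge-02", "FortiOS", "v7.2.3,build1262 (GA)"),
    ("proxy-dmz-01", "FortiProxy", "v7.0.7,build0290 (GA)"),
]

def triage(inventory):
    """List (hostname, upgrade_target) for every device still in an affected range."""
    needs_upgrade = []
    for host, product, banner in inventory:
        affected, fixed = assess(product, banner)
        if affected:
            needs_upgrade.append((host, fixed))
    return needs_upgrade
```

A device whose version falls outside the listed trains is reported as not matching the ranges on this page, which should prompt a check of the vendor advisory rather than be read as a clean result.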

Source Timeline
