Security Appliance Vulnerability Bingo 2025

	A	B	C	D	E	F	G	I	J	K	L	M	N	P
1	Security appliance 2025 bingo scorecard
2
3		Auth RCE	Auth Bypass	PrivEsc	Unauth RCE	Persistent backdoor	Bonus: CISA KEV	List of vulnerabilities:
4	SonicWall	✅	✅	✅	❌	✅	❌
5	Ivanti	❌	✅	❌	❌	❌	❌	Date	Vendor	Vuln Type	CVE	Vendor advisory	Comment	External links are neither endorsed nor regularly checked by the author of this document, visit at your own risk.
6	Cisco	✅	✅	✅	✅	✅	✅	2025/01/08	Ivanti	PrivEsc, Unauth RCE, CISA KEV	CVE-2025-0282, CVE-2025-0283	https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
7	Sophos	✅	✅	✅	❌	✅	✅	2025/01/15	FortiGate	Auth Bypass, PrivEsc, CISA KEV	CVE-2024-55591	https://fortiguard.fortinet.com/psirt/FG-IR-24-535
8	FortiGate	✅	❌	❌	❌	❌	❌	2025/01/23	SonicWall	Unauth RCE	CVE-2025-23006	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002
9	Palo Alto	✅	❌	✅	✅	✅	✅	2025/01/25	SonicWall	CISA KEV	CVE-2025-23007	https://www.cisa.gov/news-events/alerts/2025/01/24/cisa-adds-one-known-exploited-vulnerability-catalog
10								2025/01/29	FortiGate	Auth Bypass, PrivEsc, CISA KEV (additional info)	CVE-2024-55591	https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
11	❌	At least one critical vuln in 2025						2025/02/12	Ivanti	Auth RCE	CVE-2024-22467	https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
12	✅	No new critical vuln in 2025... yet						2025/03/31	Ivanti	Persistent backdoor	CVE-2025-0282	https://www.cisa.gov/news-events/alerts/2025/03/28/cisa-releases-malware-analysis-report-resurge-malware-associated-ivanti-connect-secure
13								2025/04/08	FortiGate	Auth Bypass, PrivEsc	CVE-2024-48887	https://fortiguard.fortinet.com/psirt/FG-IR-24-435
14	Rules:	- Only new vulnerabilities (disclosed in 2025)						2025/03/07	Palo Alto	Authentication Bypass	CVE-2025-0108	https://security.paloaltonetworks.com/CVE-2025-0108	Criticality: high, but actively exploited since mid-April
15		- Only critical vulnerabilities as per vendor CVSS score (if sensible)						2025/04/15	FortiNet	Persistent Backdoor		https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity	Old vulnerabilities, but: "this specific finding is the result of a threat actor taking advantage of a known vulnerability with a new technique to maintain read-only access to vulnerable FortiGate devices after the original access vector was locked down."
16		- Edge cases (like exploit chains) are decided by duel at dawn. Pistols only!						2025/05/13	FortiNet	Authentication Bypass	CVE-2025-22252	https://www.fortiguard.com/psirt/FG-IR-24-472
17		- If one field is already crossed out, I tend to not include additional advisories for the same field, i.e. multiple Auth Bypasses in Fortinet products						2025/07/10	FortiNet	RCE / SQL Injection	CVE-2025-25257	https://www.fortiguard.com/psirt/FG-IR-25-151	This is not RCE in the common sense, but oftentimes it's possible to pivot to actual RCE from unauth SQLi. Therefore, I'll allow it.
18								2025/07/22	Sophos	RCE / SQL Injection	CVE-2025-6794, CVE-2025-7624	https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
19	Got input?	@christopherkunz@chaos.social						2025/11/14	FortiNet	Authentication Bypass	tba	https://github.com/watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass/blob/main/watchTowr-vs-Fortiweb-AuthBypass.py
20		@christopherkunz.bsky.social
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100