What’s new: A significant increase in brute-force attacks targeting Fortinet SSL VPNs was observed on August 3 and August 5, 2025. This activity has raised concerns about potential zero-day vulnerabilities, as such spikes often precede the disclosure of new security flaws in Fortinet products.
Who’s affected
Organizations using Fortinet SSL VPNs and FortiManager are at risk due to the ongoing brute-force campaigns. Specific IP addresses associated with the attacks have been identified and should be monitored.
What to do
- Block the following IP addresses associated with the brute-force attempts: 31.206.51.194, 23.120.100.230, 96.67.212.83, 104.129.137.162, 118.97.151.34, 180.254.147.16, 20.207.197.237, 180.254.155.227, 185.77.225.174, 45.227.254.113.
- Enhance login protection on Fortinet devices.
- Restrict external access to trusted IP ranges and VPNs to harden security.
