How DeviceTotal Discovered a Fortinet Vulnerability That NVD Didn’t Notice

A customer utilizing the FortiGate 200F firewall from Fortinet, running firmware version 7.0.16, depended on standard vulnerability intelligence platforms such as the NVD to assess their network’s security posture. However, their internal compliance procedures failed to detect a critical vulnerability due to a false negative—an oversight that contradicted the official vendor advisory for this device. This inaccurate assessment nearly led to a significant security exposure.

The DeviceTotal Advantage

Without DeviceTotalWith DeviceTotal
⚠️ Vulnerability missed due to false negative✅ CVE-2025-22862 correctly identified as affecting FortiGate 200F
⚠️ Missed opportunity to apply a patch✅ Remediation guidance aligned with Fortinet’s official advisory
⚠️ Compliance reporting inconsistent with vendor data✅ DeviceTotal recommended the latest firmware version
⚠️ Risk of breach due to undetected blind spot✅ Risk mitigated proactively, with daily updates to device-specific risk profiles

The Security Gap

  • Device in Use: FortiGate 200F
  • Firmware Version: 7.0.16
  • Primary Intelligence Source: NVD
  • Result: At the time of both evaluation and this writing, the NVD did not list Fortinet or FortiGate products in relation to this CVE.
proof no vulnerability fortinet NVD

What DeviceTotal Discovered

The intelligence engine used by our vendor DeviceTotal flagged CVE-2025-22862 as directly relevant to the FortiGate 200F, referencing data from Fortinet’s official PSIRT advisory.

Fortinet PSIRT Advisory
  • The vulnerability does affect FortiGate 200F running firmware 7.0.16
  • It was disclosed under advisory ID FG-IR-24-385
  • The risk level was classified as Critical for the client
  • The CVE was not associated with Fortinet in the NVD at the time of review, and remains unlisted as of this writing

Outcome

Thanks to the early detection by our vendor DeviceTotal, the client’s security team was able to:

  • Apply the necessary patch before any exploitation occurred
  • Update asset risk scores with precision
  • Maintain alignment with internal compliance standards and external audit requirements

This case clearly demonstrates that relying solely on the NVD for vulnerability intelligence is insufficient—especially in complex, multi-vendor environments. Our vendor DeviceTotal successfully bridged the intelligence gap, accurately mapping the CVE and providing remediation paths that public sources had missed.

Why It Matters

The intelligence engine behind DeviceTotal monitors far beyond the NVD. It also includes:

  • Official advisories from vendors
  • Vendors that do not publicly report vulnerabilities
  • Zero-day threat alerts
  • Curated private and classified intelligence feeds

This enables comprehensive coverage through:

Subscribe to news