Description

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

Related CPE's

o

fortinet

fortios

5

a

fortinet

fortiswitchmanager

2

a

fortinet

fortisase

2

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-084

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-122

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-13T17:15:56.910Z

34 hours ago

Last modified

2026-01-14T21:33:28.410Z

6 hours ago