cvelistv5 - cve-2025-47295

CVE-2025-47295 (GCVE-0-2025-47295)

Vulnerability from cvelistv5

Published

2025-05-28 07:54

Modified

2025-05-28 14:23

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-126 - Denial of service

Summary

A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control.

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-381	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet	FortiOS	Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.14 Version: 6.4.0 ≤ 6.4.16 cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.16:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T14:22:23.921855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T14:23:42.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.14",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker\u0027s control."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T07:54:05.794Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-381",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-381"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-47295",
    "datePublished": "2025-05-28T07:54:05.794Z",
    "dateReserved": "2025-05-05T20:10:32.083Z",
    "dateUpdated": "2025-05-28T14:23:42.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-47295\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-05-28T08:15:22.747\",\"lastModified\":\"2025-06-04T15:37:21.417\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker\u0027s control.\"},{\"lang\":\"es\",\"value\":\"Una sobrelectura de b\u00fafer en las versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.7 y 7.0.0 a 7.0.14 de Fortinet FortiOS puede permitir que un atacante remoto no autenticado bloquee el daemon FGFM a trav\u00e9s de una solicitud especialmente manipulada, en raras condiciones que est\u00e1n fuera del control del atacante. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-126\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"7.0.15\",\"matchCriteriaId\":\"C8185801-97AD-48F2-8275-A54D5D81C048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.8\",\"matchCriteriaId\":\"A6D2A14F-3916-45A0-AD4D-27C60E00AEC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.4\",\"matchCriteriaId\":\"1FDDB5F3-D229-4208-9110-8860A03C8B59\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-381\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47295\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-28T14:22:23.921855Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T14:23:19.728Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.3\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.7\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.14\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.16\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiOS version 7.6.0 or above \\nPlease upgrade to FortiOS version 7.4.4 or above \\nPlease upgrade to FortiOS version 7.2.8 or above \\nPlease upgrade to FortiOS version 7.0.15 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-381\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-381\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker\u0027s control.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-126\", \"description\": \"Denial of service\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-05-28T07:54:05.794Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-47295\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-28T14:23:42.935Z\", \"dateReserved\": \"2025-05-05T20:10:32.083Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-05-28T07:54:05.794Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ssa-698820

Vulnerability from csaf_siemens

Published

2024-07-09 00:00

Modified

2025-07-08 00:00

Summary

SSA-698820: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices

Notes

Summary

Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet's upstream security notifications.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products.\nSiemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet\u0027s upstream security notifications.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-698820: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-698820.html"
      },
      {
        "category": "self",
        "summary": "SSA-698820: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-698820.json"
      }
    ],
    "title": "SSA-698820: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices",
    "tracking": {
      "current_release_date": "2025-07-08T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-698820",
      "initial_release_date": "2024-07-09T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-07-09T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-08-13T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated CVE-2024-23111 description and added newly published CVE-2024-26006 and CVE-2024-26015"
        },
        {
          "date": "2024-09-10T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added newly published upstream vulnerability CVE-2024-36505"
        },
        {
          "date": "2024-10-08T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added fix for Fortinet NGFW as released from Siemens for RUGGEDCOM APE1808; added mitigations for CVE-2024-26006 and CVE-2024-26010"
        },
        {
          "date": "2024-12-10T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added newly published upstream vulnerabilities CVE-2024-33510, CVE-2023-50176, CVE-2024-26011"
        },
        {
          "date": "2025-02-11T00:00:00Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added newly published upstream vulnerabilities CVE-2024-48886 and CVE-2024-50563"
        },
        {
          "date": "2025-04-08T00:00:00Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Removed CVE-2024-48886 and CVE-2024-50563 due to wrong fix information. These CVEs are advised in SSA-770770"
        },
        {
          "date": "2025-06-10T00:00:00Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added newly published upstream vulnerability CVE-2025-47295"
        },
        {
          "date": "2025-07-08T00:00:00Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added newly published upstream vulnerability CVE-2024-50568"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46720",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-46720"
    },
    {
      "cve": "CVE-2023-50176",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-50176"
    },
    {
      "cve": "CVE-2024-21754",
      "cwe": {
        "id": "CWE-916",
        "name": "Use of Password Hash With Insufficient Computational Effort"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a\u00a0privileged attacker with super-admin profile and CLI access to decrypting the backup file.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-21754"
    },
    {
      "cve": "CVE-2024-23111",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper neutralization of input during web page Generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-23111"
    },
    {
      "cve": "CVE-2024-26006",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS and FortiProxy\u0027s web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via social engineering the targeted user into bookmarking a malicious samba server, then opening the bookmark.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable SSL-VPN web-mode (see \nhttps://fortiguard.fortinet.com/psirt/FG-IR-23-485)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26006"
    },
    {
      "cve": "CVE-2024-26010",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "For each interface, remove the fgfm access (see \nhttps://www.fortiguard.com/psirt/FG-IR-24-036)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26010"
    },
    {
      "cve": "CVE-2024-26011",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26011"
    },
    {
      "cve": "CVE-2024-26015",
      "cwe": {
        "id": "CWE-1389",
        "name": "Incorrect Parsing of Numbers with Different Radices"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-26015"
    },
    {
      "cve": "CVE-2024-33510",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An\u00a0improper neutralization of special elements in output used by a downstream component (\u0027Injection\u0027) vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-33510"
    },
    {
      "cve": "CVE-2024-36505",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-36505"
    },
    {
      "cve": "CVE-2024-50568",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 \u0026 FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50568"
    },
    {
      "cve": "CVE-2025-47295",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer over-read vulnerability in FortiOS may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker\u0027s control.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.4. Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-47295"
    }
  ]
}

cnvd-2025-12682

Vulnerability from cnvd

Title: Fortinet FortiOS越界读取漏洞

Description:

Fortinet FortiOS是美国飞塔（Fortinet）公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。

Fortinet FortiOS存在越界读取漏洞，该漏洞源于对用户提供的数据缺乏适当的验证，攻击者可利用该漏洞可能导致FGFM守护进程崩溃。

Severity: 低

Patch Name: Fortinet FortiOS越界读取漏洞的补丁

Patch Description:

Fortinet FortiOS存在越界读取漏洞，该漏洞源于对用户提供的数据缺乏适当的验证，攻击者可利用该漏洞可能导致FGFM守护进程崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://fortiguard.fortinet.com/psirt/FG-IR-24-381

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-47295

Impacted products

Name
['Fortinet FortiOS >=7.4.0，<7.4.4', 'Fortinet FortiOS >=7.2.0，<7.2.8', 'Fortinet FortiOS >=6.4.0，<7.0.15']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-47295",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-47295"
    }
  },
  "description": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSLVPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\n\nFortinet FortiOS\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u9002\u5f53\u7684\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4FGFM\u5b88\u62a4\u8fdb\u7a0b\u5d29\u6e83\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.fortinet.com/psirt/FG-IR-24-381",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-12682",
  "openTime": "2025-06-16",
  "patchDescription": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSLVPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\r\n\r\nFortinet FortiOS\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u9002\u5f53\u7684\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4FGFM\u5b88\u62a4\u8fdb\u7a0b\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiOS\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiOS \u003e=7.4.0\uff0c\u003c7.4.4",
      "Fortinet FortiOS \u003e=7.2.0\uff0c\u003c7.2.8",
      "Fortinet FortiOS \u003e=6.4.0\uff0c\u003c7.0.15"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-47295",
  "serverity": "\u4f4e",
  "submitTime": "2025-06-11",
  "title": "Fortinet FortiOS\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}

ncsc-2025-0166

Vulnerability from csaf_ncscnl

Published

2025-05-14 08:41

Modified

2025-05-14 08:41

Summary

Kwetsbaarheden verholpen in Fortinet producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Fortinet heeft kwetsbaarheden verholpen in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager en FortiWeb.

Interpretaties

De kwetsbaarheden omvatten een OS Command Injection die lokale aanvallers in staat stelt om ongeautoriseerde code uit te voeren door CLI-commando-argumenten te manipuleren. Daarnaast zijn er kwetsbaarheden die het mogelijk maken voor aanvallers om ongeautoriseerde wijzigingen aan te brengen in globale dreigingsfeeds en om authenticatie te omzeilen, wat leidt tot administratieve toegang tot de apparaten. Ook zijn er kwetsbaarheden die kunnen leiden tot denial-of-service door het versturen van speciaal vervaardigde verzoeken. Deze kwetsbaarheden kunnen leiden tot controle over de getroffen systemen.

Oplossingen

Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-222

Truncation of Security-relevant Information

CWE-364

Signal Handler Race Condition

CWE-134

Use of Externally-Controlled Format String

CWE-354

Improper Validation of Integrity Check Value

CWE-190

Integer Overflow or Wraparound

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-757

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Fortinet heeft kwetsbaarheden verholpen in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager en FortiWeb.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten een OS Command Injection die lokale aanvallers in staat stelt om ongeautoriseerde code uit te voeren door CLI-commando-argumenten te manipuleren. Daarnaast zijn er kwetsbaarheden die het mogelijk maken voor aanvallers om ongeautoriseerde wijzigingen aan te brengen in globale dreigingsfeeds en om authenticatie te omzeilen, wat leidt tot administratieve toegang tot de apparaten. Ook zijn er kwetsbaarheden die kunnen leiden tot denial-of-service door het versturen van speciaal vervaardigde verzoeken. Deze kwetsbaarheden kunnen leiden tot controle over de getroffen systemen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "Signal Handler Race Condition",
        "title": "CWE-364"
      },
      {
        "category": "general",
        "text": "Use of Externally-Controlled Format String",
        "title": "CWE-134"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
        "title": "CWE-757"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-325"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-381"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-388"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-167"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-490"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-122"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-472"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-023"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Fortinet producten",
    "tracking": {
      "current_release_date": "2025-05-14T08:41:08.980708Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0166",
      "initial_release_date": "2025-05-14T08:41:08.980708Z",
      "revision_history": [
        {
          "date": "2025-05-14T08:41:08.980708Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1363392",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fortinet FortiOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-2002532",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "fortiproxy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1363409",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortianalyzer:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fortinet FortiAnalyzer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1363397",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortimanager:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fortinet FortiManager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-2838319"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiClient"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-2838320"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiClient-EMS"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-42788",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-42788",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42788.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2023-42788"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        },
        {
          "category": "other",
          "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
          "title": "CWE-757"
        },
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2024-6387",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Signal Handler Race Condition",
          "title": "CWE-364"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6387",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
        }
      ],
      "title": "CVE-2024-6387"
    },
    {
      "cve": "CVE-2024-45324",
      "cwe": {
        "id": "CWE-134",
        "name": "Use of Externally-Controlled Format String"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Externally-Controlled Format String",
          "title": "CWE-134"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45324",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45324.json"
        }
      ],
      "title": "CVE-2024-45324"
    },
    {
      "cve": "CVE-2024-54020",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-54020",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54020.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2024-54020"
    },
    {
      "cve": "CVE-2025-22252",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-22252",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22252.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-22252"
    },
    {
      "cve": "CVE-2025-26466",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26466",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26466.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-26466"
    },
    {
      "cve": "CVE-2025-47294",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-47294",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-47294.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-47294"
    },
    {
      "cve": "CVE-2025-47295",
      "product_status": {
        "known_affected": [
          "CSAFPID-1363392",
          "CSAFPID-2002532",
          "CSAFPID-1363409",
          "CSAFPID-1363397",
          "CSAFPID-2838319",
          "CSAFPID-2838320"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-47295",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-47295.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1363392",
            "CSAFPID-2002532",
            "CSAFPID-1363409",
            "CSAFPID-1363397",
            "CSAFPID-2838319",
            "CSAFPID-2838320"
          ]
        }
      ],
      "title": "CVE-2025-47295"
    }
  ]
}

ghsa-2qfg-jccx-w5cf

Vulnerability from github

Published

2025-05-28 09:31

Modified

2025-05-28 09:31

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-47295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-28T08:15:22Z",
    "severity": "LOW"
  },
  "details": "A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker\u0027s control.",
  "id": "GHSA-2qfg-jccx-w5cf",
  "modified": "2025-05-28T09:31:27Z",
  "published": "2025-05-28T09:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47295"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-381"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2025-47295

Vulnerability from fkie_nvd

Published

2025-05-28 08:15

Modified

2025-06-04 15:37

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-381	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8185801-97AD-48F2-8275-A54D5D81C048",
              "versionEndExcluding": "7.0.15",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D2A14F-3916-45A0-AD4D-27C60E00AEC0",
              "versionEndExcluding": "7.2.8",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59",
              "versionEndExcluding": "7.4.4",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker\u0027s control."
    },
    {
      "lang": "es",
      "value": "Una sobrelectura de b\u00fafer en las versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.7 y 7.0.0 a 7.0.14 de Fortinet FortiOS puede permitir que un atacante remoto no autenticado bloquee el daemon FGFM a trav\u00e9s de una solicitud especialmente manipulada, en raras condiciones que est\u00e1n fuera del control del atacante. "
    }
  ],
  "id": "CVE-2025-47295",
  "lastModified": "2025-06-04T15:37:21.417",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-28T08:15:22.747",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-381"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-126"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-47295 (GCVE-0-2025-47295)

Vulnerability from cvelistv5

ssa-698820

Vulnerability from csaf_siemens

cnvd-2025-12682

Vulnerability from cnvd

ncsc-2025-0166

Vulnerability from csaf_ncscnl

ghsa-2qfg-jccx-w5cf

Vulnerability from github

fkie_cve-2025-47295

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature