CVE Vulnerabilities

CVE-2025-47295

Buffer Over-read

Published: May 28, 2025 | Modified: Jun 04, 2025
CVSS 3.x
3.7
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attackers control.

Weakness

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Affected Software

Name Vendor Start Version End Version
Fortios Fortinet 6.4.0 (including) 7.0.15 (excluding)
Fortios Fortinet 7.2.0 (including) 7.2.8 (excluding)
Fortios Fortinet 7.4.0 (including) 7.4.4 (excluding)

References