Fortinet FortiMail
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*
- >= 6.4.0, <= 6.4.4
- < 6.2.6
A classic buffer overflow vulnerability has been identified in the Fortinet FortiMail webmail and administrative interfaces, in versions 6.4.0 through 6.4.4 and versions prior to 6.2.6. The Fortinet FortiNDR administrative interface, versions 7.2.0 and prior to 7.1.0, is also affected. An authenticated attacker with regular webmail access can trigger the overflow by sending specially crafted HTTP requests, potentially leading to the execution of unauthorized code or commands.
Successful exploitation overflows a buffer and allows the execution of unauthorized code or commands on the affected system.