Fortinet FortiOS and FortiProxy Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Fortinet FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.6 through 6.4.15, 6.2.9 through 6.2.16, and 6.0.13 through 6.0.18. The vulnerability allows an authenticated attacker to execute unauthorized code or commands by sending specially crafted CLI commands. FortiProxy versions 7.4.0 through 7.4.7 are also affected; FortiProxy 7.6 and 7.2 (all versions) are not affected.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected device.

Remediation

Users of Fortinet FortiOS should upgrade to FortiOS 7.4.2 or 7.2.12, or migrate to a fixed release for versions 7.0.0 through 7.0.12, 6.4.6 through 6.4.16, 6.2.9 through 6.2.17, and 6.0.13 through 6.0.18. Fortinet FortiProxy users should upgrade to FortiProxy 7.4.8, or migrate to a fixed release for all other affected versions.
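The affected and fixed version lists above are easy to misread when triaging a fleet by hand, so the following added example (not Fortinet's code, and not part of the advisory) encodes the ranges from the Vulnerability paragraph and checks an inventory against them. Assumptions: versions are plain dotted integers (build or patch suffixes are not handled), the affected ranges are those stated in the Vulnerability paragraph (note that the Remediation paragraph quotes different upper bounds for the 6.4.x and 6.2.x branches, which the checker does not attempt to reconcile), and the sample inventory is constructed for illustration.

```python
# Added example: version-range triage for the FortiOS/FortiProxy advisory above.
# Not vendor code. Ranges copied from the Vulnerability paragraph; the
# Remediation paragraph's 6.4.x / 6.2.x upper bounds differ and are not merged.
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Affected (lowest, highest) ranges per product, inclusive on both ends.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [
        ("7.4.0", "7.4.1"),
        ("7.2.0", "7.2.7"),
        ("7.0.0", "7.0.12"),
        ("6.4.6", "6.4.15"),
        ("6.2.9", "6.2.16"),
        ("6.0.13", "6.0.18"),
    ],
    "FortiProxy": [
        ("7.4.0", "7.4.7"),
    ],
}

# Minimum fixed release per branch, only where the advisory names one explicitly.
# Branches without an entry fall under "migrate to a fixed release".
FIXED: Dict[str, Dict[str, str]] = {
    "FortiOS": {"7.4": "7.4.2", "7.2": "7.2.12"},
    "FortiProxy": {"7.4": "7.4.8"},
}


def parse_version(text: str) -> Version:
    """Turn '7.4.1' into (7, 4, 1); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside any affected range for that product."""
    v = parse_version(version)
    for low, high in AFFECTED.get(product, []):
        if parse_version(low) <= v <= parse_version(high):
            return True
    return False


def recommended_fix(product: str, version: str) -> Optional[str]:
    """Named fixed release for the device's branch, or None if the advisory
    only says 'migrate to a fixed release' for that branch."""
    v = parse_version(version)
    branch = ".".join(str(x) for x in v[:2])
    return FIXED.get(product, {}).get(branch)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, action) for every affected device in the inventory.
    Inventory rows are (hostname, product, version)."""
    results = []
    for hostname, product, version in inventory:
        if not is_affected(product, version):
            continue
        fix = recommended_fix(product, version)
        action = f"upgrade to {fix}" if fix else "migrate to a fixed release"
        results.append((hostname, action))
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.1"),
    ("fw-edge-02", "FortiOS", "7.4.2"),
    ("fw-dc-01", "FortiOS", "6.4.15"),
    ("fw-dc-02", "FortiOS", "6.4.16"),
    ("proxy-01", "FortiProxy", "7.4.7"),
    ("proxy-02", "FortiProxy", "7.2.3"),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(f"{host}: {action}")
```

Inclusive tuple comparison is what makes the boundaries behave: 7.4.1 is caught while 7.4.2 is not, and 6.4.15 is caught while 6.4.16 is not (per the Vulnerability paragraph). A device whose branch has no named fix gets the advisory's generic "migrate to a fixed release" action rather than a guessed version number.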

Added: Oct 14, 2025, 4:37 PM
Updated: Oct 14, 2025, 11:16 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 7.5
exploitability: 3.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.