CVE-2025-47295

Summary

A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0 <= 7.4.3affected
FortinetFortiOS7.2.0 <= 7.2.7affected
FortinetFortiOS7.0.0 <= 7.0.14affected
FortinetFortiOS6.4.0 <= 6.4.16affected

Weaknesses

  • CWE-126: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References