CVE-2025-64157

Summary

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.6.0 <= 7.6.4affected
FortinetFortiOS7.4.0 <= 7.4.9affected
FortinetFortiOS7.2.0 <= 7.2.11affected
FortinetFortiOS7.0.0 <= 7.0.19affected

Weaknesses

  • CWE-134: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

References