
[CIVN-2026-0128] Buffer Overflow Vulnerability in Fortinet FortiManager
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
FortiManager version 7.4.0 through 7.4.2
FortiManager version 7.2.0 through 7.2.10
FortiManager version 6.4.0 through 6.4.15
Note: FortiManager Cloud is not affected by this vulnerability.
Overview
A vulnerability has been reported in Fortinet FortiManager, which could allow an unauthenticated remote attacker to execute arbitrary code on the affected system.
Target Audience:
All organizations and administrators using affected Fortinet FortiManager
Risk Assessment:
High risk of arbitrary command execution on the targeted system.
Impact Assessment:
Potential impact on the system's confidentiality, integrity, and availability.
Description
Fortinet develops enterprise security solutions that provide VPN authentication, policy enforcement, and advanced threat detection capabilities.
A vulnerability exists in Fortinet FortiManager due to a stack-based buffer overflow condition. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted requests, if the fgtupdates service is enabled.
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the affected system. The success of the attack may depend on bypassing stack protection mechanisms implemented in the system.
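Added example (not part of the CERT-In advisory or any Fortinet tooling): a triage script that sorts a FortiManager inventory using the conditions stated above, namely the listed version ranges, the FortiManager Cloud exclusion and the fgtupdates precondition. The inventory records, host names and the field names "cloud" and "fgtupdates_enabled" are assumptions, to be filled in from your own asset data.

```python
import re

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED = [((7, 4, 0), (7, 4, 2)),
            ((7, 2, 0), (7, 2, 10)),
            ((6, 4, 0), (6, 4, 15))]

# Patch priority, most urgent first.
PRIORITY = ["affected-exposed", "affected-verify-fgtupdates",
            "affected-fgtupdates-disabled", "unknown-version",
            "outside-listed-ranges", "not-affected-cloud"]

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.2.10-build1234'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(host):
    """Classify one inventory record against the advisory's conditions."""
    if host.get("cloud"):                    # FortiManager Cloud is not affected
        return "not-affected-cloud"
    try:
        ver = parse_version(host["version"])
    except (KeyError, ValueError):
        return "unknown-version"             # never silently treat as safe
    if not any(lo <= ver <= hi for lo, hi in AFFECTED):
        return "outside-listed-ranges"       # only means "not listed here"
    # In range: the advisory ties exploitation to the fgtupdates service.
    state = host.get("fgtupdates_enabled")   # None = not yet verified
    if state is False:
        return "affected-fgtupdates-disabled"  # still needs the vendor update
    return "affected-exposed" if state else "affected-verify-fgtupdates"

# Constructed sample inventory (hypothetical hosts, builds and field names).
INVENTORY = [
    {"name": "fmg-new", "version": "7.4.3", "fgtupdates_enabled": True},
    {"name": "fmg-dc2", "version": "7.2.10", "fgtupdates_enabled": False},
    {"name": "fmg-cloud", "version": "7.4.1", "cloud": True},
    {"name": "fmg-dc1", "version": "v7.4.2-build2397", "fgtupdates_enabled": True},
    {"name": "fmg-lab", "version": "6.4.15"},
    {"name": "fmg-old", "version": "unknown"},
]

def report(inventory=INVENTORY):
    """Return (name, status) pairs ordered by patch priority."""
    rows = [(h["name"], triage(h)) for h in inventory]
    return sorted(rows, key=lambda r: PRIORITY.index(r[1]))

if __name__ == "__main__":
    for name, status in report():
        print(f"{name:10} {status}")
```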
Solution
Apply appropriate updates as mentioned by the vendor:
https://fortiguard.fortinet.com/psirt/FG-IR-26-098
Vendor Information
Fortinet
https://fortiguard.fortinet.com/psirt/FG-IR-26-098
References
https://fortiguard.fortinet.com/psirt/FG-IR-26-098
CVE Name
CVE-2025-54820
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


