MEDIUM🇬🇧 English

CVE-2025-67604

CVSS 5.3v3.1pub. 2026-05-12upd. 2026-05-15

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Fortinet Fortianalyzer

    APP
    Fortinet
    7.2.0 – 7.2.127.4.0 – 7.4.9 (bez)7.6.0 – 7.6.5 (bez)
  • Fortinet Fortimanager

    APP
    Fortinet
    7.2.0 – 7.2.127.4.0 – 7.4.9 (bez)7.6.0 – 7.6.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2024-47575CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Brak uwierzytelnienia krytycznej funkcji w Fortinet FortiManager — RCE

CVE-2023-25610CRITICAL9.8PL ✓ten sam produkt

Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia

CVE-2024-48886CRITICAL9.0PL ✓ten sam produkt

Słabe uwierzytelnienie w Fortinet FortiOS/FortiProxy/FortiManager umożliwia RCE

CVE-2015-3613CRITICAL9.8ten sam produkt

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup pag...