CRITICAL🇵🇱 Wersja polska

CVE-2023-25610

CVSS 9.8v3.1pub. 2025-03-24upd. 2025-07-24

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortianalyzer

    APP
    Fortinet
    7.2.07.0.0 – 7.0.5 (bez)6.4.0 – 6.4.12 (bez)6.2.0 – 6.2.11 (bez)6.0.0 – 6.0.12 (bez)
  • Fortinet Fortimanager

    APP
    Fortinet
    7.2.06.2.0 – 6.2.11 (bez)7.0.0 – 7.0.5 (bez)6.4.0 – 6.4.12 (bez)6.0.0 – 6.0.12 (bez)
  • Fortinet FortiOS

    OS
    Fortinet
    6.4.0 – 6.4.12 (bez)7.2.0 – 7.2.4 (bez)7.0.0 – 7.0.10 (bez)5.0.0 – 6.2.13 (bez)
  • Fortinet FortiOS 6k7k

    APP
    Fortinet
    7.0.56.4.2 – 6.4.12 (bez)6.0.4 – 6.2.13 (bez)
  • Fortinet Fortiproxy

    APP
    Fortinet
    7.2.0 – 7.2.3 (bez)1.1.0 – 7.0.9 (bez)
  • Fortinet Fortiswitch

    OS
    Fortinet
    7.0.0 – 7.0.7 (bez)7.2.0 – 7.2.4 (bez)
  • Fortinet Fortiswitchmanager

    APP
    Fortinet
    7.2.0 – 7.2.2 (bez)7.0.0 – 7.0.2 (bez)
  • Fortinet Fortiweb

    APP
    Fortinet
    6.2.0 – 6.2.8 (bez)7.2.0 – 7.2.2 (bez)7.0.0 – 7.0.7 (bez)6.4.0 – 6.4.3 (bez)6.3.0 – 6.3.23 (bez)6.1.0 – 6.1.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth BypassFirewall
CWE
References

Related vulnerabilities

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML

CVE-2025-64446CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Path Traversal w Fortinet FortiWeb umożliwiający zdalne wykonanie poleceń

CVE-2025-25257CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność SQL Injection w Fortinet FortiWeb — obejście uwierzytelnienia

CVE-2024-55591CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin