
CVE-2025-25249

CVE-2025-25249 PUBLISHED CVSS 7.4 HIGH

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, and FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets.

EPSS 0.02% · 3.8th percentile

Risk Scores

CVSS 3.1: 7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C
EPSS Score: 0.02% (3.8th percentile)

Affected Products

Vendor    Product             Versions
fortinet  fortisase           25.1.51, 25.1.39
fortinet  fortiswitchmanager  7.2.0, 7.0.0
Fortinet  FortiSwitchManager  7.2.2
fortinet  fortios             7.4.0, 7.6.0, 6.4.0
Fortinet  FortiOS             7.6.0, 7.4.0, 7.2.4

Timeline

  • Jan 13, 2026 CVE Published
  • Jan 13, 2026 PoC Published
  • Jan 13, 2026 PoC Published
  • Jan 14, 2026 EPSS Score
  • Jan 14, 2026 PoC Published
  • Jan 14, 2026 PoC Published
  • Jan 16, 2026 PoC Published
  • Jan 17, 2026 EPSS Score
  • Jan 18, 2026 PoC Published
  • Jan 18, 2026 PoC Published
  • Jan 20, 2026 EPSS Score
  • Jan 23, 2026 EPSS Score