VDB
CVE-2025-25249
PUBLISHED
CVSS 7.4 HIGH
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, and FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets.
EPSS 0.02% · 3.8th percentile
Risk Scores
CVSS 3.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C
EPSS Score
0.02%
3.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fortinet | fortisase | 25.1.51, 25.1.39 |
| fortinet | fortiswitchmanager | 7.2.0, 7.0.0 |
| Fortinet | FortiSwitchManager | 7.2.2 |
| fortinet | fortios | 7.4.0, 7.6.0, 6.4.0 |
| Fortinet | FortiOS | 7.6.0, 7.4.0, 7.2.4 |
Exploit Intelligence
- CIRCL seen: CVE-2025-25249 (circl-sighting)
- https://fortiguard.fortinet.com/psirt/FG-IR-25-084 (circl)
Timeline
- Jan 13, 2026 CVE Published
- Jan 13, 2026 PoC Published
- Jan 13, 2026 PoC Published
- Jan 14, 2026 EPSS Score
- Jan 14, 2026 PoC Published
- Jan 14, 2026 PoC Published
- Jan 16, 2026 PoC Published
- Jan 17, 2026 EPSS Score
- Jan 18, 2026 PoC Published
- Jan 18, 2026 PoC Published
- Jan 20, 2026 EPSS Score
- Jan 23, 2026 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-25-783 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-778 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-084 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-260 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-735 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-772 advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-25-084 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-25249 advisory