vulnerability

Fortinet FortiOS: Heap buffer underflow in administrative interface (CVE-2023-25610)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Mar 7, 2023	Apr 21, 2023	Mar 26, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Mar 7, 2023

Added

Apr 21, 2023

Modified

Mar 26, 2025

Description

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Solution

fortios-upgrade-latest

References

CVE-2023-25610
https://attackerkb.com/topics/CVE-2023-25610
URL-https://fortiguard.com/advisory/FG-IR-23-001

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today