Fortinet FortiOS: Use of Uninitialized Resource (CVE-2023-37930)

Severity: 9
CVSS: (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published: Apr 8, 2025
Added: Jul 25, 2025
Modified: Aug 11, 2025

Description

Multiple issues, including use of uninitialized resources [CWE-908] and excessive iteration [CWE-834], in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14, and in Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12, allow a VPN user to corrupt memory, potentially leading to code or command execution via specifically crafted requests.

Solutions

fortios-upgrade-6_4_15
fortios-upgrade-7_0_13
fortios-upgrade-7_2_6