PT-2025-41946 · Fortinet · FortiSwitchManager +4
Published 2025-10-14 · Updated 2025-10-16 · CVE-2025-22258
CVSS v2.0
9.0
High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSRA versions 1.0.0 through 1.5.0
Fortinet FortiPAM versions 1.0.0 through 1.5.0
Fortinet FortiProxy versions 7.4.0 through 7.6.1
Fortinet FortiOS versions 7.0.2 through 7.6.2
Fortinet FortiSwitchManager versions 7.2.1 through 7.2.5
Description
A heap-based buffer overflow exists in the affected software. Attackers can escalate their privileges by sending specially crafted HTTP requests.
Recommendations
Fortinet FortiSRA versions prior to 1.5.0 should be updated.
Fortinet FortiPAM versions prior to 1.5.0 should be updated.
Fortinet FortiProxy versions prior to 7.6.1 should be updated.
Fortinet FortiOS versions prior to 7.6.2 should be updated.
Fortinet FortiSwitchManager versions prior to 7.2.5 should be updated.
Fix
Heap-Based Buffer Overflow
Affected Products
FortiOS
FortiPAM
FortiProxy
FortiSRA
FortiSwitchManager