PT-2025-47353 · Fortinet · FortiExtender
Published 2025-11-18 · Updated 2025-11-19 · CVE-2025-46776
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiExtender 7.0, all versions
Fortinet FortiExtender 7.2, all versions
Fortinet FortiExtender 7.4.0 through 7.4.6
Fortinet FortiExtender 7.6.0 through 7.6.1
Description
A buffer copy without input size validation exists in Fortinet FortiExtender. It can allow an authenticated user to execute arbitrary code or commands through specially crafted CLI commands.
Recommendations
Update FortiExtender versions prior to 7.0.
Update FortiExtender versions prior to 7.2.
Update FortiExtender versions prior to 7.4.0 or after 7.4.6.
Update FortiExtender versions prior to 7.6.0 or after 7.6.1.
Fix
Buffer Overflow
Affected Products
FortiExtender