PT-2026-7276 · Fortinet · FortiOS
Published: 2026-02-10 · Updated: 2026-02-12 · CVE-2025-64157
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 7.0 through 7.2.11
Fortinet FortiOS versions 7.4.0 through 7.4.9
Fortinet FortiOS versions 7.6.0 through 7.6.4
Description
Fortinet FortiOS contains a use of externally-controlled format string vulnerability that can allow an authenticated administrator to execute unauthorized code or commands through a specially crafted configuration.
Recommendations
Fortinet FortiOS versions 7.0 through 7.2.11 should be updated.
Fortinet FortiOS versions 7.4.0 through 7.4.9 should be updated.
Fortinet FortiOS versions 7.6.0 through 7.6.4 should be updated.
Fix
Use of Externally-Controlled Format String
Affected Products
FortiOS