CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
Description (NVD)
A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
Analysis (AI)
An authenticated attacker can cause a system hang in Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 by sending specially crafted HTTP requests that exploit a use of potentially dangerous function vulnerability (CWE-676). The crash occurs only when internal lock alignment conditions are met, so exploitation depends on timing and system state rather than on anything the attacker controls. CVSS 5.2 reflects medium severity with high attack complexity and low availability impact; active exploitation is not confirmed.
Technical Context (AI)
The vulnerability stems from improper use of dangerous functions in the HTTP request handling code of FortiAnalyzer and FortiManager management appliances. CWE-676 identifies functions that may be unsafe or deprecated in the codebase, likely related to unsafe memory operations, buffer handling, or synchronization primitives. The root cause involves race conditions or deadlock scenarios triggered when multiple HTTP requests interact with internal locking mechanisms. The vulnerability manifests as a denial of service through system hangs rather than memory corruption or code execution, suggesting the dangerous function call leads to resource exhaustion or infinite loops under specific concurrency conditions. Exploitation requires authentication (PR:L per CVSS vector), limiting attack surface to users with valid credentials.
Remediation (AI)
Apply the latest security patches from Fortinet for FortiAnalyzer and FortiManager. For FortiAnalyzer, upgrade to version 7.6.5 or later, 7.4.9 or later, or the latest patched releases of the 7.2 and 7.0 series. For FortiManager, apply the equivalent patches (7.6.5+, 7.4.9+, and patched versions of 7.2 and 7.0). Consult the FortiGuard advisory FG-IR-26-137 for exact patch version numbers and release dates. As an interim compensating control, restrict administrative access to FortiAnalyzer and FortiManager to a minimal set of trusted accounts and IP addresses through firewall rules and access control lists, reducing the pool of authenticated users who could trigger the vulnerability. Monitor system logs for unusual HTTP request patterns or repeated authentication attempts that might precede exploitation attempts. Disable non-essential HTTP/HTTPS access to management interfaces if it is not required for daily operations, noting that this may affect legitimate remote administration workflows. These compensating controls do not prevent exploitation by authenticated insiders, but they significantly reduce the attack surface.
Related identifiers: EUVD-2025-209804, GHSA-c3gv-678x-vgc9