CVE-2023-25610

CRITICAL

Fortinet FortiOS <7.2.3 - RCE

Title source: llm

Description

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of the following Fortinet products allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests:

FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below
FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8 and version 2.0.12 and below
FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below

Exploits (1)

nomisec WORKING POC 23 stars
by qi4L · poc
https://github.com/qi4L/CVE-2023-25610

Scores

CVSS v3 9.8
EPSS 0.1599
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-124
Status published
Products (11)
fortinet/fortianalyzer 7.2.0
fortinet/fortianalyzer 6.0.0 - 6.0.12
fortinet/fortimanager 7.2.0
fortinet/fortimanager 6.0.0 - 6.0.12
fortinet/fortios 5.0.0 - 6.2.13
fortinet/fortios-6k7k 7.0.5
fortinet/fortios-6k7k 6.0.4 - 6.2.13
fortinet/fortiproxy 1.1.0 - 7.0.9
fortinet/fortiswitch 7.0.0 - 7.0.7
fortinet/fortiswitchmanager 7.0.0 - 7.0.2
... and 1 more
Published Mar 24, 2025
Tracked Since Feb 18, 2026