CVE-2023-25610

CRITICAL

Fortinet FortiOS <=6.2.12, 6.4.0-6.4.11, 7.0.0-7.0.6, 7.2.0-7.2.3 - Remote Code Execution via Buffer Underflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-25610. PoCs published by qi4L.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-25610, targeting a heap-based buffer underflow in FortiOS management interface. The exploit leverages ROP chains to achieve remote code execution via a crafted TLSv1.3 POST request to the login endpoint.

Description

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Exploits (1)

nomisec WORKING POC 23 stars

by qi4L · poc

https://github.com/qi4L/CVE-2023-25610

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-25610, targeting a heap-based buffer underflow in FortiOS management interface. The exploit leverages ROP chains to achieve remote code execution via a crafted TLSv1.3 POST request to the login endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: FortiOS 6.x

No auth needed

Prerequisites: Network access to FortiOS management interface · TLSv1.3 support on target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-001

Scores

CVSS v3 9.8

EPSS 0.1429

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-124

Status published

Products (11)

fortinet/fortianalyzer 7.2.0

fortinet/fortianalyzer 6.0.0 - 6.0.12

fortinet/fortimanager 7.2.0

fortinet/fortimanager 6.0.0 - 6.0.12

fortinet/fortios 5.0.0 - 6.2.13

fortinet/fortios-6k7k 7.0.5

fortinet/fortios-6k7k 6.0.4 - 6.2.13

fortinet/fortiproxy 1.1.0 - 7.0.9

fortinet/fortiswitch 7.0.0 - 7.0.7

fortinet/fortiswitchmanager 7.0.0 - 7.0.2

... and 1 more

Published Mar 24, 2025

Tracked Since Feb 18, 2026