CVE-2025-58903
LOWFortinet FortiOS <7.6.3 & <=7.4.7 - Unchecked Return Value
Title source: llmDescription
An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.
References (2)
Core 2
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-25-653
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Scores
CVSS v3
2.7
EPSS
0.0057
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-252
Status
published
Products (6)
Fortinet/FortiOS
6.4.0 - 6.4.16
fortinet/fortios
6.4.0 - 7.4.9
Fortinet/FortiOS
7.0.0 - 7.0.18
Fortinet/FortiOS
7.2.0 - 7.2.12
Fortinet/FortiOS
7.4.0 - 7.4.8
Fortinet/FortiOS
7.6.0 - 7.6.3
Published
Oct 14, 2025
Tracked Since
Feb 18, 2026