CVE-2025-58413

7.5 HIGH

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all version...

Published: 2025-11-18 · Last updated: 2026-06-09

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121, CWE-787

Affected products

Vendor	Product
fortinet	fortios, fortisase

Description

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows attacker to execute unauthorized code or commands via specially crafted packets

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-58413
[Vendor advisory]https://fortiguard.fortinet.com/psirt/FG-IR-25-632
[Other]https://cert-portal.siemens.com/productcert/html/ssa-864900.html

Related CVEs

Same vendor

CVE-2026-49938 — A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all... (6.5 MEDIUM)
CVE-2026-25089 — A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0... (9.8 CRITICAL)
CVE-2025-67862 — An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through ... (6.7 MEDIUM)
CVE-2026-44277 — A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through ... (9.8 CRITICAL)
CVE-2026-25690 — An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 throu... (4.3 MEDIUM)

Same CWE

CVE-2026-47750 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-12314 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)
CVE-2026-12310 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)