wid-sec-w-2026-0669 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Fortinet FortiManager: Vulnerability allows Code execution

CVSS 8.1 HIGH

Risk Summary

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.

CVEs (1)

CVE-2025-54820

Affected Vendors

Fortinet

Affected Products (4)

Fortinet · FortiManager <7.4.3

Fortinet · FortiManager 7.4.3

Fortinet · FortiManager <7.2.11

Fortinet · FortiManager 7.2.11

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more