Fortinet: Fortinet FortiManager fgtupdates Vulnerability Allows Attackers to Execute Malicious Commands

Fortinet Patches High-Severity RCE Vulnerability in FortiManager

Fortinet has disclosed a high-severity stack-based buffer overflow vulnerability (CVE-2025-54820) in its FortiManager platform, which could allow remote unauthenticated attackers to execute unauthorized commands. The flaw, rated 7.0 on the CVSSv3 scale, affects the fgtupdates service and requires the service to be actively enabled for exploitation.

Exploiting the vulnerability involves sending specially crafted requests to bypass stack protection mechanisms, though the attack complexity limits its severity to "High" rather than "Critical." The issue was responsibly reported by researcher catalpa of Dbappsecurity Co., Ltd., and addressed in Fortinet’s advisory (FG-IR-26-098), published on March 10, 2026.

Affected Versions & Remediation
The vulnerability impacts on-premises FortiManager deployments, with the following versions at risk:

  • 7.4.0–7.4.2 (upgrade to 7.4.3+)
  • 7.2.0–7.2.10 (upgrade to 7.2.11+)
  • All 6.4 versions (migrate to a fixed release)

FortiManager Cloud remains unaffected. Fortinet recommends patching as the primary mitigation, with a temporary workaround of disabling the fgtupdates service via CLI if immediate upgrades are not feasible.
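The version ranges above can be checked against an asset inventory. The following is an added example, not code from Fortinet or the source article. The inventory records, host names, build suffixes and status labels are constructed for illustration. Branches the article does not list are reported as "not-listed" rather than assumed safe.

```python
import re

# Branch -> (last affected patch, first fixed patch), as listed in the article.
# None means every patch on the branch is affected and no in-branch fix is named.
AFFECTED = {(7, 4): (2, 3), (7, 2): (10, 11), (6, 4): (None, None)}

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'v7.4.2-build0000' or '7.2.10'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(version, cloud=False, fgtupdates_enabled=True):
    """Return (status, action) for one FortiManager instance."""
    if cloud:
        return ("not-affected", "FortiManager Cloud is unaffected")
    major, minor, patch = parse_version(version)
    if (major, minor) not in AFFECTED:
        # The article gives no data for this branch: do not report it as safe.
        return ("not-listed", "check advisory FG-IR-26-098")
    last_affected, first_fixed = AFFECTED[(major, minor)]
    if last_affected is not None and patch > last_affected:
        return ("fixed", "none")
    action = (f"upgrade to {major}.{minor}.{first_fixed}+"
              if first_fixed is not None else "migrate to a fixed release")
    # Exploitation requires the fgtupdates service to be enabled.
    status = "exposed" if fgtupdates_enabled else "vulnerable-service-off"
    return (status, action)

# Constructed sample inventory (hypothetical hosts and build strings).
INVENTORY = [
    {"host": "fmg-dc1", "version": "v7.4.2-build0000", "fgtupdates": True},
    {"host": "fmg-dc2", "version": "v7.4.3-build0000", "fgtupdates": True},
    {"host": "fmg-lab", "version": "v7.2.10-build0000", "fgtupdates": False},
    {"host": "fmg-old", "version": "v6.4.15-build0000", "fgtupdates": True},
    {"host": "fmg-new", "version": "v7.6.0-build0000", "fgtupdates": True},
]

def audit(inventory):
    """Classify every host; instances with the service enabled sort first."""
    order = {"exposed": 0, "vulnerable-service-off": 1, "not-listed": 2}
    rows = [(d["host"],) + classify(d["version"], d.get("cloud", False),
                                    d["fgtupdates"]) for d in inventory]
    return sorted(rows, key=lambda r: order.get(r[1], 3))

if __name__ == "__main__":
    for host, status, action in audit(INVENTORY):
        print(f"{host:8} {status:24} {action}")
```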

Impact & Risks
FortiManager is widely used in enterprise and government networks to manage Fortinet security devices. Unauthenticated remote code execution (RCE) vulnerabilities in such platforms are prime targets for threat actors, enabling lateral movement and persistent access across managed infrastructure. Security teams are advised to audit active services, apply patches, and monitor for suspicious activity targeting the fgtupdates endpoint.

Source: https://cybersecuritynews.com/fortinet-fortimanager-fgtupdates-vulnerability/

Fortinet cybersecurity rating report: https://www.rankiteo.com/company/fortinet

"id": "FOR1773167022",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"