Fortinet Patches High-Severity RCE Vulnerability in FortiManager
Fortinet has disclosed a high-severity vulnerability (CVE-2025-54820, CVSS 7.0) in its FortiManager platform, which could allow remote attackers to execute unauthorized commands. The flaw, a stack-based buffer overflow (CWE-121) in the fgtupdates service, enables threat actors to send crafted network requests to exploit the system if the service is active. Successful exploitation could grant attackers control over network security policies or disrupt critical infrastructure, given FortiManager’s role in managing multiple Fortinet security devices.
The vulnerability affects older FortiManager versions, including:
- 7.4.0–7.4.2
- 7.2.0–7.2.10
- All 6.4 releases
FortiManager 7.6 and FortiManager Cloud deployments remain unaffected. Fortinet has released patches for impacted versions, urging organizations to upgrade to 7.4.3+, 7.2.11+, or migrate from unsupported 6.4 branches. For temporary mitigation, administrators can disable the fgtupdates service via the CLI.
The flaw was responsibly reported by security researcher Catalpa of Dbappsecurity Co., Ltd. While exploitation requires bypassing stack protections, the potential impact underscores the urgency of applying updates.
Fortinet cybersecurity rating report: https://www.rankiteo.com/company/fortinet
"id": "FOR1773201283",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'Fortinet',
'type': 'Company'}],
'attack_vector': 'Network requests',
'description': 'Fortinet has disclosed a high-severity vulnerability '
'(CVE-2025-54820, CVSS 7.0) in its FortiManager platform, '
'which could allow remote attackers to execute unauthorized '
'commands. The flaw, a stack-based buffer overflow (CWE-121) '
'in the *fgtupdates* service, enables threat actors to send '
'crafted network requests to exploit the system if the service '
'is active. Successful exploitation could grant attackers '
'control over network security policies or disrupt critical '
'infrastructure, given FortiManager’s role in managing '
'multiple Fortinet security devices.',
'impact': {'operational_impact': 'Potential disruption of critical '
'infrastructure, unauthorized control over '
'network security policies',
'systems_affected': 'FortiManager platforms managing Fortinet '
'security devices'},
'post_incident_analysis': {'corrective_actions': 'Patch management, disabling '
'vulnerable services, and '
'upgrading to supported '
'versions',
'root_causes': 'Stack-based buffer overflow '
'(CWE-121) in the *fgtupdates* '
'service'},
'recommendations': 'Organizations should upgrade to patched versions (7.4.3+, '
'7.2.11+) or disable the *fgtupdates* service if immediate '
'patching is not feasible.',
'references': [{'source': 'Fortinet Security Advisory'},
{'source': 'Security researcher Catalpa (Dbappsecurity Co., '
'Ltd.)'}],
'response': {'containment_measures': 'Disable the *fgtupdates* service via '
'CLI as a temporary mitigation',
'remediation_measures': 'Upgrade to FortiManager 7.4.3+, '
'7.2.11+, or migrate from unsupported '
'6.4 branches'},
'title': 'Fortinet Patches High-Severity RCE Vulnerability in FortiManager',
'type': 'Remote Code Execution (RCE)',
'vulnerability_exploited': 'CVE-2025-54820 (Stack-based buffer overflow, '
'CWE-121)'}