CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-25-795	Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-975644.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

History

12 May 2026, 13:17

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de uso de cadena de formato controlada externamente en Fortinet FortiOS 7.6.0 hasta 7.6.4, FortiOS 7.4.0 hasta 7.4.9, FortiOS 7.2.0 hasta 7.2.11, FortiOS 7.0 todas las versiones permite a un administrador autenticado ejecutar código o comandos no autorizados a través de una configuración específicamente diseñada.
References		() https://cert-portal.siemens.com/productcert/html/ssa-975644.html -

12 Feb 2026, 14:50

Type	Values Removed	Values Added
First Time		Fortinet Fortinet fortios
CPE		cpe:2.3:o:fortinet:fortios::::::::
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-25-795 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-25-795 - Vendor Advisory

10 Feb 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 16:16

Updated : 2026-05-12 13:17

NVD link : CVE-2025-64157

Mitre link : CVE-2025-64157

CVE.ORG link : CVE-2025-64157

JSON object : View

Products Affected

fortinet

fortios

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2025-64157", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2026-02-10T16:16:09.443", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-795", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-975644.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration."}, {"lang": "es", "value": "Una vulnerabilidad de uso de cadena de formato controlada externamente en Fortinet FortiOS 7.6.0 hasta 7.6.4, FortiOS 7.4.0 hasta 7.4.9, FortiOS 7.2.0 hasta 7.2.11, FortiOS 7.0 todas las versiones permite a un administrador autenticado ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de una configuraci\u00f3n espec\u00edficamente dise\u00f1ada."}], "lastModified": "2026-05-12T13:17:23.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D217AE6C-1631-4E3E-95D8-7D13F299B4DA", "versionEndExcluding": "7.4.10", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26DF2CCC-782C-4AE8-8CDE-13FFEE8676E6", "versionEndExcluding": "7.6.5", "versionStartIncluding": "7.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}