CVE-2025-67604

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-26-137	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortianalyzer::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::

History

15 May 2026, 14:03

Type	Values Removed	Values Added
CPE		cpe:2.3:a:fortinet:fortimanager:::::::: cpe:2.3:a:fortinet:fortianalyzer::::::::
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-26-137 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-26-137 - Vendor Advisory
First Time		Fortinet fortianalyzer Fortinet fortimanager Fortinet

12 May 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-12 18:16

Updated : 2026-05-15 14:03

NVD link : CVE-2025-67604

Mitre link : CVE-2025-67604

CVE.ORG link : CVE-2025-67604

JSON object : View

Products Affected

fortinet

fortianalyzer
fortimanager

CWE

CWE-676

Use of Potentially Dangerous Function

{"id": "CVE-2025-67604", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2026-05-12T18:16:36.470", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-137", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-676"}]}], "descriptions": [{"lang": "en", "value": "A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker."}], "lastModified": "2026-05-15T14:03:47.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B42B20E-3FBB-4C2E-B7C8-EB5E97A81DB4", "versionEndIncluding": "7.2.12", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2941DC1A-2CA0-4459-99F3-3D7EBFE8ADEE", "versionEndExcluding": "7.4.9", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00645EEE-3E67-4B98-BB49-B23AD1D60B54", "versionEndExcluding": "7.6.5", "versionStartIncluding": "7.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4236E74-B734-43AC-A32B-462D6E4B1CFB", "versionEndIncluding": "7.2.12", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45291819-E95A-45DC-B79E-DA0AB4BF4E73", "versionEndExcluding": "7.4.9", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4A9AA3-C6AA-428B-AE1B-61F61658D642", "versionEndExcluding": "7.6.5", "versionStartIncluding": "7.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}