Back to overview

CVE-2025-43892

MEDIUM
4.1
CVSS 3.1
Description
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.

Metadata

CVE ID
CVE-2025-43892
State
PUBLISHED
Assigner
fortinet
Reserved
2025-04-18 14:46 UTC
Published
2026-07-14 15:19 UTC
Last updated
2026-07-14 16:02 UTC
Primary CWE
CWE-126
Information disclosure
Vendor / Product
Fortinet / FortiOS
Sources
cve.org  ·  NVD

Severity & Metrics

4.1 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Fortinet FortiOS 7.4.0 ≤ 7.4.3, 7.2.0 ≤ 7.2.13, 7.0.0 ≤ 7.0.19
Weakness (CWE)
CWESourceDescription
CWE-126 cna Information disclosure
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.1 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
References (1)
Back to overview