How severe is CVE-2025-25249?

CVE-2025-25249 has a CVSS v3 score of 8.1 (HIGH).

CVE-2025-25249

Name: fortios
Author: fortinet

8.1HIGH

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.1

Published: 1/13/2026Updated: 1/14/2026

Description

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

AI AnalysisPowered by AI

Affected Products

fortinetfortios

fortinetfortiswitchmanager

fortinetfortisase

25.1.39

fortinetfortisase

25.1.51

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-084
Vendor Advisory