CVE-2025-53844 - Vulnerability Details

- Out-of-Bounds Write in FortiOS Allows Remote Code Execution

Description

A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.

Published: 2026-05-12

Score: 8.3 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

An out-of-bounds write vulnerability exists in Fortinet FortiOS firmware, allowing an attacker to corrupt memory and execute arbitrary code by sending specially crafted packets. The flaw can be escalated to general code execution or command injection on the device, compromising confidentiality, integrity, and availability of the affected network appliance. This vulnerability is classified as a buffer overflow, corresponding to CWE‑787.

Affected Systems

The issue affects FortiOS versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.8, and 7.2.0 through 7.2.11 on Fortinet devices. The affected products are the core FortiOS firmware as well as integrated FortiSwitchManager and FortiEdgeCloud and FortiSASE components in the specified version ranges. Systems running any of these firmware releases are vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity. No EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The exploit requires network access, as the attacker must deliver malformed packets to the device; therefore, the likely attack vector is remote network. The need for a patched image is clear to mitigate the risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Fortinet

FortiOS

unaffected

Version	Status	Constraints
`7.6.0`	affected	≤ 7.6.3
`7.4.0`	affected	≤ 7.4.8
`7.2.0`	affected	≤ 7.2.11
`7.0.0`	affected	≤ 7.0.17
`6.4.0`	affected	≤ 6.4.16
`6.2.0`	affected	≤ 6.2.17
`6.0.0`	affected	≤ 6.0.18

No data.

Vendor Product Confidence Versions

Fortinet

Fortios

100%

Version	Status	Scheme	Platform
`[7.6.0,7.6.3]`	affected	semver	—
`[7.4.0,7.4.8]`	affected	semver	—
`[7.2.0,7.2.11]`	affected	semver	—
`[7.0.0,7.0.17]`	affected	semver	—
`[6.4.0,6.4.16]`	affected	semver	—
`[6.2.0,6.2.17]`	affected	semver	—
`[6.0.0,6.0.18]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Upgrade to FortiOS version 7.6.4 or above Upgrade to FortiOS version 7.4.9 or above Upgrade to FortiOS version 7.2.12 or above Upgrade to FortiOS version 7.0.18 or above Fortinet remediated this issue in FortiSASE version 25.3.a and hence customers do not need to perform any action. Upgrade to FortiSwitchManager version 7.2.7 or above Upgrade to FortiSwitchManager version 7.0.6 or above Fortinet remediated this issue in FortiEdgeCloud version 25.3 and hence customers do not need to perform any action.

OpenCVE Recommended Actions

Upgrade FortiOS to version 7.6.4 or later.
Upgrade FortiOS to version 7.4.9 or later if on the 7.4.x series.
Upgrade FortiOS to version 7.2.12 or later if on the 7.2.x series.
Upgrade FortiOS to version 7.0.18 or later for older 7.0.x devices.
Update FortiSwitchManager to version 7.2.7 or newer, or to 7.0.6 or newer for 7.0.x series.
For FortiEdgeCloud, install version 25.3; for FortiSASE, install version 25.3.a—no action is required if already at those releases.

Generated by OpenCVE AI on May 12, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-26-123

History

Tue, 12 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 12 May 2026 18:45:00 +0000

Type	Values Removed	Values Added
Title		Out-of-Bounds Write in FortiOS Allows Remote Code Execution

Tue, 12 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.
First Time appeared		Fortinet Fortinet fortios
Weaknesses		CWE-787
CPEs		cpe:2.3:o:fortinet:fortios:6.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.0.10:::::::* cpe:2.3:o:fortinet:fortios:6.0.11:::::::* cpe:2.3:o:fortinet:fortios:6.0.12:::::::* cpe:2.3:o:fortinet:fortios:6.0.13:::::::* cpe:2.3:o:fortinet:fortios:6.0.14:::::::* cpe:2.3:o:fortinet:fortios:6.0.15:::::::* cpe:2.3:o:fortinet:fortios:6.0.16:::::::* cpe:2.3:o:fortinet:fortios:6.0.17:::::::* cpe:2.3:o:fortinet:fortios:6.0.18:::::::* cpe:2.3:o:fortinet:fortios:6.0.1:::::::* cpe:2.3:o:fortinet:fortios:6.0.2:::::::* cpe:2.3:o:fortinet:fortios:6.0.3:::::::* cpe:2.3:o:fortinet:fortios:6.0.4:::::::* cpe:2.3:o:fortinet:fortios:6.0.5:::::::* cpe:2.3:o:fortinet:fortios:6.0.6:::::::* cpe:2.3:o:fortinet:fortios:6.0.7:::::::* cpe:2.3:o:fortinet:fortios:6.0.8:::::::* cpe:2.3:o:fortinet:fortios:6.0.9:::::::* cpe:2.3:o:fortinet:fortios:6.2.0:::::::* cpe:2.3:o:fortinet:fortios:6.2.10:::::::* cpe:2.3:o:fortinet:fortios:6.2.11:::::::* cpe:2.3:o:fortinet:fortios:6.2.12:::::::* cpe:2.3:o:fortinet:fortios:6.2.13:::::::* cpe:2.3:o:fortinet:fortios:6.2.14:::::::* cpe:2.3:o:fortinet:fortios:6.2.15:::::::* cpe:2.3:o:fortinet:fortios:6.2.16:::::::* cpe:2.3:o:fortinet:fortios:6.2.17:::::::* cpe:2.3:o:fortinet:fortios:6.2.1:::::::* cpe:2.3:o:fortinet:fortios:6.2.2:::::::* cpe:2.3:o:fortinet:fortios:6.2.3:::::::* cpe:2.3:o:fortinet:fortios:6.2.4:::::::* cpe:2.3:o:fortinet:fortios:6.2.5:::::::* cpe:2.3:o:fortinet:fortios:6.2.6:::::::* cpe:2.3:o:fortinet:fortios:6.2.7:::::::* cpe:2.3:o:fortinet:fortios:6.2.8:::::::* cpe:2.3:o:fortinet:fortios:6.2.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.16:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.15:::::::* cpe:2.3:o:fortinet:fortios:7.0.16:::::::* cpe:2.3:o:fortinet:fortios:7.0.17:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.10:::::::* cpe:2.3:o:fortinet:fortios:7.2.11:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.8:::::::* cpe:2.3:o:fortinet:fortios:7.2.9:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortios:7.4.5:::::::* cpe:2.3:o:fortinet:fortios:7.4.6:::::::* cpe:2.3:o:fortinet:fortios:7.4.7:::::::* cpe:2.3:o:fortinet:fortios:7.4.8:::::::* cpe:2.3:o:fortinet:fortios:7.6.0:::::::* cpe:2.3:o:fortinet:fortios:7.6.1:::::::* cpe:2.3:o:fortinet:fortios:7.6.2:::::::* cpe:2.3:o:fortinet:fortios:7.6.3:::::::*
Vendors & Products		Fortinet Fortinet fortios
References		https://fortiguard.fortinet.com/psirt/FG-IR-26-123
Metrics		cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}`

Subscriptions

Fortinet Fortios

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2026-05-12T16:54:10.126Z

Updated: 2026-05-13T03:58:28.011Z

Reserved: 2025-07-10T08:53:33.015Z

Link: CVE-2025-53844

Vulnrichment

Updated: 2026-05-12T19:02:24.868Z

NVD

Status : Awaiting Analysis

Published: 2026-05-12T18:16:35.983

Modified: 2026-05-12T18:57:02.307

Link: CVE-2025-53844

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T21:45:05Z

Weaknesses

CWE-787

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object