Description
An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.
Published: 2025-10-14
Score: 2.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Upgrade to upcoming FortiOS version 8.0.0 or above Upgrade to FortiOS version 7.6.4 or above Upgrade to FortiOS version 7.4.9 or above

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 10:30:00 +0000

Type Values Removed Values Added
References

Wed, 14 Jan 2026 09:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*

Thu, 16 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Tue, 14 Oct 2025 15:30:00 +0000

Type Values Removed Values Added
Description An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.
First Time appeared Fortinet
Fortinet fortios
Weaknesses CWE-252
CPEs cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortios
References
Metrics cvssV3_1

{'score': 2.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

Subscriptions

Fortinet Fortios
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-06-09T09:02:37.776Z

Reserved: 2025-09-05T11:00:20.686Z

Link: CVE-2025-58903

cve-icon Vulnrichment

Updated: 2026-06-09T09:02:37.776Z

cve-icon NVD

Status : Modified

Published: 2025-10-14T16:15:40.930

Modified: 2026-06-09T10:16:39.010

Link: CVE-2025-58903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses