CVE Daily

CVE-2023-25610

A buffer underwrite ('buffer underflow') vulnerability in the administrative int...

Critical CVSS 9.8

Overview

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CWE: CWE-124 Published: 2025-03-24T16:15:17.273
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: rce, unauth_access (tag impact: VERY HIGH)

Recommended actions:

  • Patch/upgrade immediately (remote code execution).
  • Reduce exposure (WAF/segmentation), minimize attack surface.
  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags