CVE-2023-25610

high-risk

Published 2025-03-24

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Do I need to act?

16.0% chance of exploitation in next 30 days

EPSS score — higher than 84% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (11)

Fortimanager

Fortianalyzer

Fortiweb

Fortiswitchmanager

Fortiswitch

Fortiproxy

Fortios-6K7K

Fortios

Affected Vendors

Fortinet

References (1)

Vendor Advisory https://fortiguard.com/psirt/FG-IR-23-001

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 13/34 · Low

Exposure 16/34 · Moderate