CVE-2025-67604

216.73.216.15

· Published 12/05/2026 18:16 · Modified 12/05/2026 18:57

Labels: CVE-2025-67604 2026-05-12 CVE-2025-67604 CWE-676 [email protected]

Essential information

Published: 12/05/2026 18:16
Modified: 12/05/2026 18:57
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

NVD status

Status: Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
fortinet / fortianalyzer	`cpe:2.3:a:fortinet:fortianalyzer:7.6.0-7.6.4:::::::*`
fortinet / fortianalyzer	`cpe:2.3:a:fortinet:fortianalyzer:7.4.0-7.4.8:::::::*`
fortinet / fortianalyzer	`cpe:2.3:a:fortinet:fortianalyzer:7.2:::::::*`
fortinet / fortianalyzer	`cpe:2.3:a:fortinet:fortianalyzer:7.0:::::::*`
fortinet / fortianalyzer	`cpe:2.3:a:fortinet:fortianalyzer:6.4:::::::*`
fortinet / fortimanager	`cpe:2.3:a:fortinet:fortimanager:7.6.0-7.6.4:::::::*`
fortinet / fortimanager	`cpe:2.3:a:fortinet:fortimanager:7.4.0-7.4.8:::::::*`
fortinet / fortimanager	`cpe:2.3:a:fortinet:fortimanager:7.2:::::::*`
fortinet / fortimanager	`cpe:2.3:a:fortinet:fortimanager:7.0:::::::*`
fortinet / fortimanager	`cpe:2.3:a:fortinet:fortimanager:6.4:::::::*`