CVE-2025-22258
Published 2025-10-14
High 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.2 through 7.0.16, FortiSwitchManager 7.2.1 through 7.2.5 allows attackers to escalate their privilege via specially crafted HTTP requests.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | >= 7.0.2 < 7.0.17 | 7.0.17 |
| fortinet | fortios | 7.0.2 – 7.0.16 | — |
| fortinet | fortios | >= 7.2.0 < 7.2.11 | 7.2.11 |
| fortinet | fortios | 7.2.0 – 7.2.10 | — |
| fortinet | fortios | >= 7.4.0 < 7.4.7 | 7.4.7 |
| fortinet | fortios | 7.4.0 – 7.4.6 | — |
| fortinet | fortios | >= 7.6.0 < 7.6.3 | 7.6.3 |
| fortinet | fortios | 7.6.0 – 7.6.2 | — |
| fortinet | fortipam | — | — |
| fortinet | fortipam | — | — |
| fortinet | fortipam | — | — |
| fortinet | fortipam | >= 1.0.0 < 1.4.3 | 1.4.3 |
| fortinet | fortipam | 1.0.0 – 1.0.3 | — |
| fortinet | fortipam | 1.1.0 – 1.1.2 | — |
| fortinet | fortipam | 1.3.0 – 1.3.1 | — |
| fortinet | fortipam | 1.4.0 – 1.4.2 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | >= 7.4.0 < 7.4.8 | 7.4.8 |
| fortinet | fortiproxy | 7.4.0 – 7.4.7 | — |
| fortinet | fortiproxy | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortiproxy | 7.6.0 – 7.6.1 | — |
| fortinet | fortisra | — | — |
| fortinet | fortisra | — | — |