CVE-2025-24477
published 2025-07-15


Priority: P180 medium
CVSS 3.1: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Exploitation: in the wild (listed in VulnCheck KEV)
EPSS: 0.21% (11.4th percentile)
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, and FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate their privileges via a specially crafted CLI command.

Affected (8 ranges)

Vendor      Product     Version range         Fixed in
fortinet    fortinet
fortinet    fortios
fortinet    fortios     >= 7.2.4 < 7.2.12     7.2.12
fortinet    fortios     7.2.4 – 7.2.12
fortinet    fortios     >= 7.4.0 < 7.4.8      7.4.8
fortinet    fortios     7.4.0 – 7.4.7
fortinet    fortios     >= 7.6.0 < 7.6.3      7.6.3
fortinet    fortios     7.6.0 – 7.6.2

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the cw_stad daemon on FortiOS; monitor for unexpected privilege escalation originating from CLI command execution targeting this daemon
  • Detect specially crafted CLI commands submitted to FortiOS that may trigger heap-based buffer overflow in cw_stad, potentially leading to privilege escalation
  • Affected FortiOS versions are 7.6.0–7.6.2, 7.4.0–7.4.7, and 7.2.4–7.2.12; ensure detection and patching scope covers all three branches
  • CVSS score is 4.2 (Medium) — exploitation requires some level of existing access (e.g., CLI access) to trigger the overflow; factor this into threat model and access-control reviews

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      6.7     MEDIUM     CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vulncheck             4.2     MEDIUM