CVE-2025-58903: Unchecked Return Value in Fortinet FortiOS

Severity
NVD: 4.9 MEDIUM
CNA: 2.7
EPSS
0.1%
top 80.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 14

Description

An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specially crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 | Impact: 3.6

Affected Packages (2 packages)

NVD | fortinet/fortios | 6.4.0 | 7.4.9 | +1
CVEListV5 | fortinet/fortios | 7.6.0 | 7.6.3 | +4

🔴 Vulnerability Details (2)

CVEList
CVE-2025-58903: An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7 (2025-10-14)
GHSA
GHSA-9rvw-gg78-wfm7: An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7 (2025-10-14)

📋 Vendor Advisories (1)

Fortinet
Multiple Unchecked Return Value leading to Null Pointer Dereference (2025-10-14)