CVE-2025-67604

Published: May 12, 2026

Modified: May 12, 2026

PUBLISHED

CVSS v3.1

5.2

MEDIUM

Description

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

Vendor	Product	Versions
Fortinet	FortiAnalyzer	affected `7.6.0 - <= 7.6.4` affected `7.4.0 - <= 7.4.8` affected `7.2.0 - <= 7.2.12` affected `7.0.0 - <= 7.0.16` affected `6.4.0 - <= 6.4.15`
Fortinet	FortiManager	affected `7.6.0 - <= 7.6.4` affected `7.4.0 - <= 7.4.8` affected `7.2.0 - <= 7.2.12` affected `7.0.0 - <= 7.0.16` affected `6.4.0 - <= 6.4.15`

Weaknesses (CWE)

CWE-676

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-137

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-67604

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References