CVE-2025-43892 PUBLISHED

Assigner: fortinet
Reserved: 18.04.2025 Published: 14.07.2026 Updated: 14.07.2026

A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVSS Score: 4.1

Product Status

Vendor Fortinet
Product FortiOS
Versions Default: unaffected
  • affected from 7.4.0 to 7.4.3 (incl.)
  • affected from 7.2.0 to 7.2.13 (incl.)
  • affected from 7.0.0 to 7.0.19 (incl.)

Solutions

Upgrade to FortiOS version 7.6.4 or above Upgrade to FortiOS version 7.4.9 or above Fortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action. Upgrade to FortiProxy version 7.6.6 or above Upgrade to FortiProxy version 7.4.14 or above

References

Problem Types

  • Information disclosure CWE