CVE-2025-67604 PUBLISHED

Assigner: fortinet
Reserved: 09.12.2025 Published: 12.05.2026 Updated: 12.05.2026

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
CVSS Score: 5.2

Product Status

Vendor Fortinet
Product FortiAnalyzer
Versions Default: unaffected
  • affected from 7.6.0 to 7.6.4 (incl.)
  • affected from 7.4.0 to 7.4.8 (incl.)
  • affected from 7.2.0 to 7.2.12 (incl.)
  • affected from 7.0.0 to 7.0.16 (incl.)
  • affected from 6.4.0 to 6.4.15 (incl.)
Vendor Fortinet
Product FortiManager
Versions Default: unaffected
  • affected from 7.6.0 to 7.6.4 (incl.)
  • affected from 7.4.0 to 7.4.8 (incl.)
  • affected from 7.2.0 to 7.2.12 (incl.)
  • affected from 7.0.0 to 7.0.16 (incl.)
  • affected from 6.4.0 to 6.4.15 (incl.)

Solutions

Upgrade to FortiAnalyzer version 8.0.0 or above Upgrade to FortiAnalyzer version 7.6.5 or above Upgrade to FortiAnalyzer version 7.4.9 or above Upgrade to FortiWeb version 8.0.3 or above Upgrade to FortiWeb version 7.6.7 or above Upgrade to FortiManager version 8.0.0 or above Upgrade to FortiManager version 7.6.5 or above Upgrade to FortiManager version 7.4.9 or above Upgrade to upcoming FortiVoice version 8.0.0 or above Upgrade to upcoming FortiVoice version 7.4.2 or above Upgrade to upcoming FortiSandbox version 5.2.0 or above Upgrade to FortiSandbox version 5.0.6 or above

References

Problem Types

  • Denial of service CWE