CVE-2025-54820 HIGH

Vendor Fortinet
Product FortiManager
Weakness CWE-121
Published March 10, 2026
Last update March 12, 2026

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R

What the vulnerability does

01 Description

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, and FortiManager 6.4 (all versions) may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.

Key dates

02 Disclosure timeline

March 10, 2026 CVE published
March 12, 2026 Record updated