CVE-2025-43892
Undergoing Analysis
Undergoing Analysis - In Progress
Buffer Over-Read in Fortinet FortiOS
Vulnerability report for CVE-2025-43892, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: Fortinet, Inc.
Description
Description
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortios | From 7.6.0 (inc) to 7.6.2 (inc) |
| fortinet | fortios | From 7.4.0 (inc) to 7.4.8 (inc) |
| fortinet | fortios | 7.2 |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.2 (inc) |
| fortinet | fortiproxy | From 7.4.0 (inc) to 7.4.8 (inc) |
| fortinet | fortiproxy | 7.2 |
| fortinet | fortisase | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |