- Description
- A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, and FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortimanager
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
🔴 FortiManager, Stack Buffer Overflow, #CVE-2025-54820 (High) https://t.co/BNLYrMNQXv
@dailycve
13 Mar 2026
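Administrator privileges seized without authentication... FortiManager vulnerability disclosed, on-premises enterprises on 'alert'. Stack-based buffer overflow vulnerability (CVE-2025-54820) found in the 'fgtupdates' service of FortiManager. Through an unauthenticated remote attack, internally connected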
@rokmc_sns
12 Mar 2026
Fortinet's FortiManager fgtupdates service vulnerability (CVE-2025-54820) allows remote code execution. Upgrade now to secure your systems! Link: https://t.co/7eHZ6gb3T6 #Security #Vulnerability #Exploit #Patch #Update #Software #Network #Technology #Cyber #Protection #Threat htt
@dailytechonx
11 Mar 2026
⚠️ CVE-2025-54820: Fortinet (CVSS: 7.0)... Stack smashing FortiManager across 3+ major versions with unauthenticated RCE - ASLR/DEP bypass required but when has t... https://t.co/OKfq978p6n #netsec #vulnerability #CVE #sysadmin #zeroday
@0dayPublishing
11 Mar 2026
🚨 FortiManager Flaw Opens Path to Remote Command Execution on Centralized Security Controllers Fortinet disclosed CVE-2025-54820, a high-severity stack-based buffer overflow in FortiManager’s fgtupdates service that can let attackers send crafted requests to execute unauthor
@ThreatSynop
11 Mar 2026
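A serious arbitrary command execution vulnerability in Fortinet's FortiManager has been fixed. CVE-2025-54820 has a CVSS score of 7.0 and is a buffer overflow in fgtupdates. It can be triggered remotely and without authentication by sending crafted requests.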
@__kokumoto
10 Mar 2026
Fortinet issues security advisory for 11 flaws in FortiManager, FortiAnalyzer, FortiSwitchAXFixed, FortiSandbox, incl. CVE-2025-54820 allowing remote unauth command exec via fgtupdates. Patch now. #Vulnerability https://t.co/wZdpDZTAPP
@threatcluster
10 Mar 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8D032DF6-3C57-4EB8-8B65-CB3330FB2440",
            "versionEndExcluding": "7.2.11",
            "versionStartIncluding": "6.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E4490512-36ED-4212-9D34-D74739A56E84",
            "versionEndExcluding": "7.4.3",
            "versionStartIncluding": "7.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]