CVE-2025-67604

Published May 12, 2026

Last updated 10 days ago

CVSS medium 5.3

Overview

Description: A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
Source: psirt@fortinet.com
NVD status: Analyzed
Products: fortianalyzer, fortimanager

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 3.6
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

psirt@fortinet.com: CWE-676

Hype score: Not currently trending

Warning: 1 critical, 1 high, 3 medium vulnerabilities in #Fortinet #FortiOS #FortiSandbox #FortiAP #FortiAnalyzer #FortiManager #CVE-2026-26083 #CVE-2025-53844 #CVE-2025-53870 #CVE-2025-53680 #CVE-2025-67604 CVSS: 9.8-5.3 See: https://t.co/eiPZ3NXU8S & https://t.co/qFyxni6az
@CCBalert
14 May 2026
377 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5B42B20E-3FBB-4C2E-B7C8-EB5E97A81DB4",
            "versionEndIncluding": "7.2.12",
            "versionStartIncluding": "7.2.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2941DC1A-2CA0-4459-99F3-3D7EBFE8ADEE",
            "versionEndExcluding": "7.4.9",
            "versionStartIncluding": "7.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "00645EEE-3E67-4B98-BB49-B23AD1D60B54",
            "versionEndExcluding": "7.6.5",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B4236E74-B734-43AC-A32B-462D6E4B1CFB",
            "versionEndIncluding": "7.2.12",
            "versionStartIncluding": "7.2.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "45291819-E95A-45DC-B79E-DA0AB4BF4E73",
            "versionEndExcluding": "7.4.9",
            "versionStartIncluding": "7.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9F4A9AA3-C6AA-428B-AE1B-61F61658D642",
            "versionEndExcluding": "7.6.5",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References