8.1
Fortinet FortiManager: Unauthorized Commands Can Be Run Remotely
CVE-2025-54820
Summary
Fortinet FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, and all versions of 6.4 may allow a remote, unauthenticated attacker to run unauthorized commands on the system by sending a specially crafted request, if the service is enabled. This could potentially allow an attacker to take control of the system. Affected users should update to the latest version of FortiManager to fix this issue.
Original title
A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote...
Original description
A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
NVD CVSS 3.1
8.1
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026