CVE-2025-58413 in FortiSASE
Summary
by MITRE • 11/18/2025
A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows attacker to execute unauthorized code or commands via specially crafted packets
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 11/21/2025
This vulnerability represents a critical stack-based buffer overflow in Fortinet FortiOS versions spanning multiple major releases from 6.0 through 7.6, including FortiSASE 25.3.b. The flaw exists in the network processing stack where specially crafted packets can trigger memory corruption through improper input validation. The vulnerability manifests when the system processes malformed network traffic that exceeds allocated stack buffer boundaries, creating a condition where arbitrary code execution becomes possible. This type of vulnerability falls under CWE-121 stack-based buffer overflow, which is classified as a severe memory safety issue that can lead to complete system compromise.
The technical exploitation of this vulnerability requires an attacker to send specifically crafted network packets that cause the FortiOS kernel to write beyond the bounds of allocated stack memory. When the system processes these malformed packets, the buffer overflow can overwrite adjacent memory locations including return addresses, function pointers, or other critical control data structures. This memory corruption enables attackers to manipulate the execution flow of the operating system and potentially execute arbitrary code with the privileges of the affected service. The vulnerability affects multiple FortiOS versions simultaneously, indicating a fundamental flaw in the packet processing logic that was not properly addressed across the product lineage.
The operational impact of this vulnerability is severe and far-reaching across enterprise network infrastructure. Organizations utilizing affected FortiOS versions face potential complete system compromise, allowing attackers to gain unauthorized access to network traffic, exfiltrate sensitive data, establish persistent backdoors, or disrupt network services. The vulnerability affects firewalls, VPN gateways, and other network security appliances that rely on FortiOS, making it particularly dangerous for organizations with extensive network security deployments. The widespread affected versions mean that organizations across multiple deployment scenarios and security tiers could be impacted, from small businesses to large enterprises with complex network architectures. This vulnerability directly maps to attack techniques in the MITRE ATT&CK framework under T1059 for command and control execution and T1190 for exploit public-facing application.
Mitigation strategies for this vulnerability should prioritize immediate patching of all affected FortiOS versions through official Fortinet security updates. Organizations should implement network segmentation to limit exposure of affected devices and deploy intrusion detection systems to monitor for suspicious packet patterns that may indicate exploitation attempts. Network administrators should also consider disabling unnecessary services and ports that might expose vulnerable components to external traffic. The vulnerability's presence across multiple FortiOS releases underscores the importance of maintaining comprehensive vulnerability management processes and ensuring timely security updates across all network infrastructure components. Additionally, organizations should conduct thorough network audits to identify all instances of affected FortiOS versions and establish monitoring procedures to detect potential exploitation attempts through anomalous network behavior or system access patterns.