FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers
Fortinet has disclosed a critical security vulnerability in FortiOS that could allow authenticated attackers to execute arbitrary code through a heap-based buffer overflow in the cw_stad daemon, affecting multiple versions of the popular network security operating system.
Critical Security Flaw Discovered in FortiOS
Fortinet announced today the discovery of a significant security vulnerability, designated as CVE-2025-24477, affecting several versions of FortiOS.
| CVE Number | Description | CVSS Score |
| CVE-2025-24477 | Escalation of privilege | 4.0 (Medium) |
The vulnerability, classified as a heap-based buffer overflow (CWE-122), resides in the cw_stad daemon and poses a serious threat to organizations running affected FortiOS versions.
While the vulnerability requires authentication to exploit, successful attacks could result in complete system compromise through arbitrary code execution.
The security flaw was internally discovered and reported by Gwendal Guégniaud of Fortinet’s Product Security team, demonstrating the company’s proactive approach to identifying and addressing security issues within their products.
The vulnerability has been assigned a medium severity rating with a CVSS v3 score of 4.0, though the potential for privilege escalation makes it a priority concern for administrators.
Affected Systems and Versions
The vulnerability impacts specific FortiOS versions across multiple major releases, with FortiOS 7.0 and 6.4 versions remaining unaffected.
The security issue particularly affects systems configured as wireless clients, with eight specific FortiWifi models identified as vulnerable when operating in this configuration.
| Version | Affected Range | Solution |
| FortiOS 7.6 | 7.6.0 through 7.6.1 | Upgrade to 7.6.3 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.7 | Upgrade to 7.4.8 or above |
| FortiOS 7.2 | 7.2.4 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiOS 7.0 | Not affected | Not Applicable |
| FortiOS 6.4 | Not affected | Not Applicable |
The vulnerable FortiWifi models include FWF_80F_2R_3G4G_DSL, FWF_80F_2R, FWF_81F_2R_3G4G_DSL, FWF_81F_2R_3G4G_POE, FWF_81F_2R, FWF_81F_2R_POE, FWF_90G_2R, and FWF_91G_2R, but only when configured as wireless clients.
Organizations running affected FortiOS versions should prioritize immediate upgrades to the patched versions.
Fortinet has made upgrade tools available through their documentation portal to assist administrators in following the recommended upgrade paths.
The company emphasizes that the vulnerability can be exploited through specifically crafted requests, making it essential for organizations to apply patches without delay.
While the authentication requirement reduces the immediate risk of widespread exploitation, the potential for privilege escalation and arbitrary code execution makes this vulnerability particularly concerning for environments where attackers might have already gained initial access credentials.
Stay Updated on Daily Cybersecurity News . Follow us on Google News, LinkedIn, and X.
Source link
