Fortinet has issued a security alert regarding a high-severity vulnerability affecting its FortiManager platform.
Tracked as CVE-2025-54820 and carrying a CVSS score of 7.0, this flaw allows remote, unauthenticated attackers to execute unauthorized commands.
Because FortiManager is designed to centrally manage multiple Fortinet security devices, securing these systems is critical to maintaining a strong network perimeter.
Understanding the Vulnerability
The security defect is categorized as a stack-based buffer overflow (CWE-121) residing within the fgtupdates service of FortiManager.
When this specific service is active, attackers can exploit the weakness by sending specially crafted requests to the targeted device over the network.
If an attacker successfully triggers the overflow, they can execute arbitrary code or unauthorized commands on the underlying system.
However, Fortinet notes that the success of this attack is not guaranteed. Threat actors must bypass the system’s built-in stack protection mechanisms to weaponize the exploit.
Furthermore, the vulnerability is entirely dependent on the fgtupdates service being enabled; if the service is turned off, the attack path is closed.
The vulnerability impacts several older branches of FortiManager. Administrators should review their network infrastructure to identify the following affected versions:
- FortiManager 7.4 versions 7.4.0 through 7.4.2 are vulnerable.
- FortiManager 7.2 versions 7.2.0 through 7.2.10 are vulnerable.
- FortiManager 6.4 all versions are completely vulnerable.
Fortinet has confirmed that FortiManager 7.6 is fully protected against this flaw and remains unaffected.
Additionally, organizations utilizing FortiManager Cloud are not exposed to this vulnerability and require no further action.
Official Solutions and Upgrades
Fortinet strongly recommends that organizations upgrade their FortiManager deployments to a secure version to prevent potential remote exploitation.
The official upgrade paths include:
- Users on the 7.4 branch should upgrade to version 7.4.3 or later.
- Users on the 7.2 branch should upgrade to version 7.2.11 or later.
- Users running version 6.4 must migrate to a supported and fixed release branch.
The vulnerability was discovered and reported through responsible disclosure by security researcher catalpa from Dbappsecurity Co., Ltd.
For organizations unable to immediately patch their systems, Fortinet has provided a temporary mitigation strategy.
Administrators can neutralize the threat by disabling the fgtupdates service using the FortiManager command-line interface.
To apply the workaround, administrators must navigate to the system interface configuration and adjust the service access list. The required commands are:
config system interfaceeditset serviceaccess(Ensure you only include required services and omitfgtupdates).end
By removing fgtupdates from the active service access list, organizations can effectively block the vulnerability from being exploited until a proper firmware patch can be applied.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
