Home / Vulnerability Intelligence / CVE-2025-54820

CVE-2025-54820 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 11, 2026

Fortinet FortiManager - Buffer Overflow

Published: March 10, 2026Updated: March 11, 2026Remote Exploitable

Overview

Fortinet FortiManager 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, and 6.4 contain a stack-based buffer overflow caused by crafted requests, letting remote unauthenticated attackers execute unauthorized commands, exploit requires bypassing stack protection.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 4.1%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute unauthorized commands, potentially leading to full system compromise.

Mitigation

Update to the latest FortiManager version beyond 7.4.2, 7.2.10, or 6.4.

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-098

Social Media Activity(1 post)

BeyondMachines :verified:

@beyondmachines1

Mar 11, 2026

Fortinet FortiManager vulnerability allows remote command execution Fortinet has patched a high-severity stack-based buffer overflow in FortiManager (CVE-2025-54820) that allows remote unauthenticated attackers to execute unauthorized commands by sending crafted requests to the fgtupdates service. **If you are using Fortinet FortiManager, plan a quick patch. In the interim, make sure the HTTP/HTTPS interface is isolated from the internet or disable fgtupdates in the system interface settings to close the attack vector.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-fortinet-fortimanager-vulnerability-allows-remote-command-execution-d-2-v-g-c/gD2P6Ple2L

View original post

Related Resources

Details

CVE ID: CVE-2025-54820
Severity: High
CVSS Score: 8.1
Type: buffer_overflow
Status: unconfirmed
EPSS: 4.1%
Social Posts: 1

CWE

CWE-121

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1%Probability of exploitation in the next 30 days