Buffer Overflow Vulnerability in Fortinet FortiExtender Products
CVE-2025-46776

6.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiextender
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-46776?

A buffer overflow vulnerability within Fortinet's FortiExtender can potentially allow authenticated users to execute arbitrary code. This issue arises due to improper size checks on input during the buffer copy operation. Specifically, the vulnerability affects FortiExtender versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, and all versions of 7.2 and 7.0. Attackers may exploit this flaw by sending crafted CLI commands, which can lead to unauthorized execution of malicious code.

Affected Version(s)

FortiExtender 7.6.0 <= 7.6.1

FortiExtender 7.4.0 <= 7.4.6

FortiExtender 7.2.0 <= 7.2.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-251

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Apr 29, 2025

JSON