Buffer Overflow Vulnerability in Fortinet FortiExtender Products
CVE-2025-46776

6.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiextender
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-46776?

A buffer overflow vulnerability within Fortinet's FortiExtender can potentially allow authenticated users to execute arbitrary code. This issue arises due to improper size checks on input during the buffer copy operation. Specifically, the vulnerability affects FortiExtender versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, and all versions of 7.2 and 7.0. Attackers may exploit this flaw by sending crafted CLI commands, which can lead to unauthorized execution of malicious code.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiExtender 7.6.0 <= 7.6.1

FortiExtender 7.4.0 <= 7.4.6

FortiExtender 7.2.0 <= 7.2.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-251

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Apr 29, 2025

JSON

Fortinet

What is CVE-2025-46776?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.