CVE-2025-46776

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-46776

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46776.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-46776

Published

2025-11-18T17:16:02.180Z

Modified

2026-03-13T03:22:08.307834Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-251

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46776.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "7.0.0"
            },
            {
                "fixed": "7.4.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.6.0"
            },
            {
                "fixed": "7.6.3"
            }
        ]
    }
]