CVE-2025-25249
Published: 13 January 2026
Summary
CVE-2025-25249 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Fortinet Fortios. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 2.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates timely patching of known vulnerabilities like this heap-based buffer overflow in FortiOS and FortiSwitchManager as advised by Fortinet PSIRT.
SI-16 provides memory protections such as ASLR and non-executable heaps that directly mitigate exploitation of heap-based buffer overflows for unauthorized code execution.
SI-10 requires validation of incoming information, preventing specially crafted packets from triggering the buffer overflow in vulnerable Fortinet network components.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow enables remote code execution against a publicly exposed network service (FortiOS/FortiSwitchManager) via crafted packets, directly mapping to exploitation of public-facing applications.
NVD Description
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized…
more
code or commands via specially crafted packets
Deeper analysisAI
CVE-2025-25249 is a heap-based buffer overflow vulnerability, associated with CWE-122 and CWE-787, affecting multiple versions of Fortinet FortiOS and FortiSwitchManager. Specifically, vulnerable FortiOS versions include 7.6.0 through 7.6.3, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.0 through 7.0.17, and all versions of 6.4. FortiSwitchManager versions 7.2.0 through 7.2.6 and 7.0.0 through 7.0.5 are also impacted. Published on 2026-01-13, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
A remote network attacker requires no privileges or user interaction but must overcome high attack complexity to exploit the vulnerability using specially crafted packets. Successful exploitation allows execution of unauthorized code or commands, resulting in high impacts to confidentiality, integrity, and availability.
Fortinet's PSIRT advisory FG-IR-25-084, available at https://fortiguard.fortinet.com/psirt/FG-IR-25-084, provides details on mitigation and patching guidance for affected products.
Details
- CWE(s)