Cyber Resilience

CVE-2025-64157

Severity: Medium
Published: 10 February 2026
Modified: 12 May 2026
KEV Added: not listed
CVSS v3.1 base score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0002 (percentile 4.1)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-64157 is a medium-severity Use of Externally-Controlled Format String (CWE-134) vulnerability in Fortinet FortiOS. Its CVSS v3.1 base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS places it at percentile 4.1 by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-64157 is a use of externally-controlled format string vulnerability (CWE-134) in Fortinet FortiOS. The affected versions are FortiOS 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and all versions of FortiOS 7.0. It carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The medium rating comes from the exploitability side of the vector, local access (AV:L) and high privileges required (PR:H); the impact components for confidentiality, integrity and availability are all High.

An authenticated administrator with local access can trigger the flaw by submitting specifically crafted configuration data; successful exploitation allows execution of unauthorized code or commands on the device. Because the attacker must already hold administrative privileges, the realistic exposure is a compromised, shared or malicious admin account, so patching should be paired with tight control over which accounts may change configuration (see the mitigating controls below).

Mitigation details are provided in the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-25-795.


Vulnerability details

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

CWE(s)

CWE-134 Use of Externally-Controlled Format String

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The format string flaw sits in the handling of administrator-supplied configuration, and exploiting it yields code or command execution on the device itself rather than only the actions the administrative interface is meant to allow. That step, from a privileged but constrained admin session to unauthorized code on the underlying system, is what T1068 describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-40591 (same product: Fortinet FortiOS)
CVE-2026-22153 (same product: Fortinet FortiOS)
CVE-2024-46668 (same product: Fortinet FortiOS)
CVE-2025-53844 (same product: Fortinet FortiOS)
CVE-2024-46670 (same product: Fortinet FortiOS)
CVE-2024-35279 (same product: Fortinet FortiOS)
CVE-2025-53847 (same product: Fortinet FortiOS)
CVE-2024-45324 (same product: Fortinet FortiOS)
CVE-2025-24472 (same product: Fortinet FortiOS)
CVE-2024-55591 (same product: Fortinet FortiOS)

Affected Assets

Fortinet FortiOS
7.0 all versions; 7.2.0 to 7.2.11; 7.4.0 to 7.4.9; 7.6.0 to 7.6.4 (the asset matcher's upper bounds 7.4.10 and 7.6.5 are exclusive, i.e. the first releases outside the affected ranges)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent (SI-10 Information Input Validation): Directly requires validation of configuration inputs to reject or sanitize externally-controlled format strings before they reach the vulnerable parser.

prevent: Restricts which authenticated administrators are permitted to submit configuration changes, reducing the population that can supply the crafted data.

prevent (AC-6 Least Privilege): Enforces least privilege so that even authenticated admins lack unnecessary rights to exercise the code-execution path via configuration.
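The CWE-134 pattern behind the "Deeper analysis" section and the SI-10 input-validation control listed above, as an added C example. This is not FortiOS code and not taken from the Fortinet advisory; the actual vulnerable code path is not public. The logging wrapper, the function names and the sample configuration are this example's own constructions, and the config lines only imitate a CLI key/value layout rather than real FortiOS syntax. The unsafe path is exercised only with the well-defined "%%" case; "%x" and "%n" inputs are shown to the validator, not fed to the unsafe formatter.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example (not FortiOS code): CWE-134, its hardened form, and an
 * SI-10 style validator for values that will later be logged or echoed. */

/* A typical unannotated logging helper. Because it lacks
 * __attribute__((format(printf, 3, 4))), gcc/clang -Wformat-security cannot
 * see that a non-literal format string reaches vsnprintf through it. */
static int emit(char *out, size_t out_len, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable (CWE-134): the admin-supplied value IS the format string, so
 * "%x" reads stack/register contents and "%n" writes to memory. */
int log_value_unsafe(char *out, size_t out_len, const char *value) {
    return emit(out, out_len, value);          /* value is attacker-controlled */
}

/* Hardened: a fixed literal format; the value is only ever data. */
int log_value_safe(char *out, size_t out_len, const char *value) {
    return emit(out, out_len, "%s", value);
}

/* Wrappers returning a static buffer so both behaviours can be compared on
 * the same input. Not thread-safe; illustration only. */
const char *render_unsafe(const char *value) {
    static char buf[256];
    log_value_unsafe(buf, sizeof buf, value);
    return buf;
}
const char *render_safe(const char *value) {
    static char buf[256];
    log_value_safe(buf, sizeof buf, value);
    return buf;
}

/* SI-10 style check: returns 1 if the first len bytes contain anything a
 * printf-family function would interpret ("%x", "%n", "%s", a trailing '%').
 * "%%" is a literal percent sign and is allowed. */
int has_format_directive_n(const char *s, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (s[i] != '%') continue;
        if (i + 1 < len && s[i + 1] == '%') { i++; continue; }
        return 1;
    }
    return 0;
}
int has_format_directive(const char *s) {
    return has_format_directive_n(s, strlen(s));
}

/* Walks a configuration blob line by line (no fixed-size line copy, so long
 * lines cannot hide a directive past a truncation point) and counts the
 * lines the validator would reject. */
int count_rejected_lines(const char *cfg) {
    int rejected = 0;
    while (*cfg) {
        size_t len = strcspn(cfg, "\n");
        if (has_format_directive_n(cfg, len)) rejected++;
        cfg += len;
        if (*cfg == '\n') cfg++;
    }
    return rejected;
}

/* Constructed sample for this example; imitates a CLI layout, not real FortiOS syntax. */
const char SAMPLE_CONFIG[] =
    "config system global\n"
    "    set hostname \"fw-core-01\"\n"            /* clean */
    "    set alias \"edge-%08x.%08x.%08x\"\n"       /* read primitive: rejected */
    "    set timezone \"Europe/London\"\n"
    "end\n"
    "config system admin\n"
    "    edit \"audit\"\n"
    "        set comments \"quota 100%% used\"\n"  /* literal percent: allowed */
    "        set trusthost-note \"%n%n%n%n\"\n"     /* write primitive: rejected */
    "    next\n"
    "end\n";

int main(void) {
    printf("unsafe: %s\n", render_unsafe("quota 100%% used")); /* %% collapses to % */
    printf("safe:   %s\n", render_safe("quota 100%% used"));   /* unchanged */
    printf("rejected config lines: %d\n", count_rejected_lines(SAMPLE_CONFIG));
    return 0;
}
```

The "%%" case is the smallest visible proof that the unsafe path interprets the value rather than copying it: the same input comes out of the two functions differently. Adding the format attribute to emit() makes the compiler flag the unsafe call at build time; the validator covers the case where a value is stored now and formatted later by code the build cannot annotate.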
