Cyber Resilience

CVE-2025-67604

Medium

Published: 12 May 2026

Modified: 15 May 2026
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0014 (34.2th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-67604 is a medium-severity Use of Potentially Dangerous Function (CWE-676) vulnerability in Fortinet FortiAnalyzer. Its CVSS base score is 5.3 (Medium).

Operationally, it is ranked at the 34.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fortinet fortianalyzer: 7.2.0 — 7.2.12 · 7.4.0 — 7.4.9 · 7.6.0 — 7.6.5
fortinet fortimanager: 7.2.0 — 7.2.12 · 7.4.0 — 7.4.9 · 7.6.0 — 7.6.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
