CVE-2025-58903 MEDIUM

Published: 2025-10-14 | Last Modified: 2026-06-09 | Status: Modified

Description

An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.

CVSS Metrics

Base Score: 4.9 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	HIGH
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.2

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-252

Affected Products

Vendor	Product	Version	Update	Type
fortinet	fortios	*	<built-in method update of dict object at 0x7d1e5fe0b540>	Operating System
fortinet	fortios	*	<built-in method update of dict object at 0x7d1ebce80900>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:fortinet:fortios::::::::`
Yes	`cpe:2.3:o:fortinet:fortios::::::::`

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-653
Source: [email protected]

Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e