CVE-2025-58413: 
FortiOS Schwachstellenanalyse und -minderung

A stack-based buffer overflow vulnerability (CVE-2025-58413) was discovered in the FortiOS CAPWAP daemon, affecting multiple versions of FortiOS (7.6.0 through 7.6.3, 7.4.0 through 7.4.8, and all versions of 7.2, 7.0, 6.4, 6.2, 6.0) and FortiSASE 25.3.b. The vulnerability was internally discovered by Gwendal Guégniaud of Fortinet Product Security team and was initially disclosed on November 18, 2025 (Fortinet Advisory, NVD).

The vulnerability is classified as a stack-based buffer overflow (CWE-124) that exists in the CAPWAP daemon. It has been assigned a CVSSv3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires the attacker to be on an adjacent network and have access to the same local IP subnet. Successful exploitation would require defeating stack protection and ASLR mechanisms (Fortinet Advisory).

If successfully exploited, this vulnerability allows a remote unauthenticated attacker to achieve arbitrary code execution by sending specially crafted packets. However, in the default configuration, the attacker must be in control of an authorized FortiAP for the attack to succeed (Fortinet Advisory).

Fortinet has released patches for affected versions and recommends upgrading to FortiOS 7.6.4 or above for 7.6.x versions, and 7.4.9 or above for 7.4.x versions. For other affected versions, users should migrate to a fixed release. Additionally, several workarounds are available: disabling security fabric access into interface, allowing only legitimate devices in Wifi Controller > Managed FortiAPs, and removing inter-controller-peer elements in wireless-controller inter-controller configuration. Users should ensure auto-auth-extension-device remains disabled (Fortinet Advisory).