CVE-2025-47294: 
FortiOS vulnerability analysis and mitigation

CVE-2025-47294 is an integer overflow or wraparound vulnerability discovered in Fortinet FortiOS Security Fabric. The vulnerability was initially disclosed on May 13, 2025, affecting FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14, and all versions of FortiOS 6.4, while versions 7.4 and 7.6 are not affected (Fortinet PSIRT, NVD).

The vulnerability is classified as an integer overflow or wraparound (CWE-190) that affects the csfd daemon in FortiOS Security Fabric. It has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD, Wiz).

When successfully exploited, this vulnerability allows a remote unauthenticated attacker to crash the csfd daemon through a specially crafted request, resulting in a denial of service condition (Fortinet PSIRT, Wiz).

Fortinet has released patches to address this vulnerability. Users of FortiOS 7.2.0 through 7.2.7 should upgrade to version 7.2.8 or above, while users of FortiOS 7.0.0 through 7.0.14 should upgrade to version 7.0.15 or above. Users of FortiOS 6.4 all versions should migrate to a fixed release (Fortinet PSIRT).