CVE-2025-47295: 
FortiOS vulnerability analysis and mitigation

A buffer over-read vulnerability (CVE-2025-47295) was discovered in FortiOS, affecting multiple versions including 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.14. The vulnerability was discovered internally by Fortinet R&D and initially published on May 13, 2025 (Fortinet PSIRT, CVE Details).

The vulnerability is classified as a buffer over-read issue (CWE-126) in the FGFM (FortiGate FortiManager) daemon. It has been assigned a CVSSv3 score of 3.4, indicating a low severity level. The vulnerability can only be triggered under specific conditions that are outside of the attacker's control (Fortinet PSIRT).

If successfully exploited, the vulnerability allows a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, resulting in a denial of service condition (Fortinet PSIRT, NVD).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to FortiOS version 7.4.4 or above for the 7.4 branch, version 7.2.8 or above for the 7.2 branch, and version 7.0.15 or above for the 7.0 branch. Users running FortiOS 6.4 should migrate to a fixed release. Fortinet provides an upgrade tool to determine the recommended upgrade path (Fortinet PSIRT).