CNNVD-202601-2159 Information
CNNVD ID
CNNVD-202601-2159
Related CVE
- CNNVD Published: 2026-01-13
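Description (translated from Chinese)
Fortinet FortiOS and the other products listed here are made by Fortinet, a US company. Fortinet FortiOS is a security operating system built specifically for the FortiGate network security platform. Fortinet FortiSwitchManager is a network switch management tool intended to help organizations manage their FortiSwitch series network switches. Fortinet FortiSASE is an application. Multiple Fortinet products contain a buffer error vulnerability. The vulnerability stems from a heap-based buffer overflow and may allow an attacker to execute unauthorized code or commands via specially crafted packets. The following products and versions are affected: FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6 and FortiSwitchManager 7.0.0 through 7.0.5.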
Description (English)
Fortinet FortiOS and others are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiSwitchManager is a network switch management tool designed to help organizations manage their FortiSwitch series network switches. Fortinet FortiSASE is an application. Multiple Fortinet products have a buffer error vulnerability, which stems from a heap-based buffer overflow and could allow an attacker to execute unauthorized code or commands through specially crafted packets. The following products and versions are affected: FortiOS 7.6.0 to 7.6.3; FortiOS 7.4.0 to 7.4.8; FortiOS 7.2.0 to 7.2.11; FortiOS 7.0.0 to 7.0.17; FortiOS 6.4.0 to 6.4.16; FortiSASE 25.2.b; FortiSASE 25.1.a.2; FortiSwitchManager 7.2.0 to 7.2.6; and FortiSwitchManager 7.0.0 to 7.0.5.
Hazard Level
Low
Vulnerability Type
Buffer error
Affected Vendor
Fortinet
Published
2026-01-13
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-084
https://access.redhat.com/security/cve/cve-2025-25249
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-084