CVE-2025-67604
CVSS Score
5.2
EPSS Score
0.0%
EPSS Percentile
0th
A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
| CWE | CWE-676 |
| Vendor | fortinet |
| Product | fortianalyzer |
| Ecosystems | |
| Industries | NetworkingSecurity |
| Published | May 12, 2026 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for fortinet fortianalyzer
Be the first to know when new medium vulnerabilities affecting fortinet fortianalyzer are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Fortinet / FortiAnalyzer
7.6.0 ≤ 7.6.4 7.4.0 ≤ 7.4.8 7.2.0 ≤ 7.2.12 7.0.0 ≤ 7.0.16 6.4.0 ≤ 6.4.15
Fortinet / FortiManager
7.6.0 ≤ 7.6.4 7.4.0 ≤ 7.4.8 7.2.0 ≤ 7.2.12 7.0.0 ≤ 7.0.16 6.4.0 ≤ 6.4.15