VYPR
Unrated severity · NVD Advisory · Published Oct 14, 2025 · Updated Feb 26, 2026

CVE-2025-22258

Description

A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.2 through 7.0.16, FortiSwitchManager 7.2.1 through 7.2.5 allows attackers to escalate their privileges via specially crafted HTTP requests.

Affected products

10
  • Fortinet/Fortiproxy · v5 · 2 versions
    cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:* range: 7.6.0
    • (no CPE) range: = 7.6.0 - 7.6.1, 7.4.0 - 7.4.7
  • Fortinet/FortiSRA · cpe-rescue · 2 versions
    cpe:2.3:a:fortinet:fortisra:1.5.0:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:a:fortinet:fortisra:1.5.0:*:*:*:*:*:*:* range: 1.5.0
    • (no CPE) range: = 1.5.0, 1.4.0 - 1.4.2
  • cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:* range: 7.2.1
    • (no CPE) range: = 7.2.1 - 7.2.5
  • Fortinet/Fortios · v5 · 2 versions
    cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* range: 7.6.0
    • (no CPE) range: = 7.6.0 - 7.6.2, 7.4.0 - 7.4.6, 7.2.0 - 7.2.10, 7.0.2 - 7.0.16
  • Fortinet/Fortipam · v5 · 2 versions
    cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:* range: 1.5.0
    • (no CPE) range: = 1.5.0, 1.4.0 - 1.4.2, 1.3.0 - 1.3.1, 1.2.0, 1.1.0 - 1.1.2, 1.0.0 - 1.0.3
