Unrated severityNVD Advisory· Published Oct 14, 2025· Updated Jan 14, 2026

CVE-2025-58903

Description

An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.

Affected products

Fortinet/Fortiosv52 versions
cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*range: 7.6.0
- (no CPE)range: >=7.6.0 <=7.6.3 or <7.4.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-653mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000