Medium severity5.3NVD Advisory· Published May 12, 2026· Updated May 15, 2026
CVE-2025-67604
CVE-2025-67604
Description
A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*range: >=7.2.0,<=7.2.12
- (no CPE)range: >=7.6.0 <=7.6.4, >=7.4.0 <=7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*range: >=7.2.0,<=7.2.12
- (no CPE)range: >=7.6.0 <=7.6.4, >=7.4.0 <=7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions
Patches
Vulnerability mechanics
References
1- fortiguard.fortinet.com/psirt/FG-IR-26-137nvdVendor Advisory
News mentions
0No linked articles in our index yet.