CVE-2025-67604
MEDIUMDescription
A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
Is your site exposed to CVE-2025-67604?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortianalyzer |
| fortinet | fortianalyzer |
| fortinet | fortianalyzer |
| fortinet | fortimanager |
| fortinet | fortimanager |
| fortinet | fortimanager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-67604? +
How severe is CVE-2025-67604? +
What products are affected by CVE-2025-67604? +
How do I check if I'm vulnerable to CVE-2025-67604? +
Related Vulnerabilities
Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to …
Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks …
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in …
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to …