CVE-2025-64157

medium

Fortinet

CVSS v3 Base Score

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Published: February 10, 2026

Last Modified: February 12, 2026

Vendor: Fortinet

Description

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

CWE

CWE-134

Affected Products

fortinet fortios

References

🔗 fortiguard.fortinet.com

CVE-2025-64157

Vulnerability Report

Description

CWE

Affected Products

References