Buffer overflow in FortiExtender - CVE-2025-46776
Published: November 18, 2025
Vulnerability identifier: #VU118600
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-46776
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiExtender
FortiExtender
Detailed vulnerability description
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to buffer overflow. An authenticated user can execute arbitrary code or commands via crafted CLI commands.
How to mitigate CVE-2025-46776
Install update from vendor's website.