#VU118602 Buffer underflow in FortiOS - CVE-2025-53843
Published: November 18, 2025
FortiOS
Fortinet, Inc
Description
The vulnerability allows a remote authenticated user to execute arbitrary code.
The vulnerability exists due to a buffer underwrite ('buffer underflow') in the CAPWAP daemon. A remote authenticated attacker can execute arbitrary code or commands as a low-privileged user via specially crafted packets. Successful exploitation would require a large amount of effort in preparation because of stack protection and ASLR. Additionally, the attacker must be able to pose as an authorized FortiAP or FortiExtender.