Main Vulnerability Database Vulnerabilities #VU118605

#VU118605 Stack-based buffer overflow in FortiOS - CVE-2025-58413

Published: November 18, 2025

Vulnerability identifier: #VU118605

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-58413

CWE-ID: CWE-121

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
FortiOS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the in FortiOS CAPWAP daemon. A remote unauthenticated attacker on the local network can send specially crafted packets to the device, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Note that in the default configuration, the attacker must be in control of an authorized FortiAP for the attack to succeed and have access to the same local IP subnet.

Remediation

Install updates from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-25-632

#VU118605 Stack-based buffer overflow in FortiOS - CVE-2025-58413

Description

Remediation

External links

Please verify you're human