Main Vulnerability Database Vulnerabilities #VU118605

Stack-based buffer overflow in FortiOS - CVE-2025-58413

Published: November 18, 2025

Vulnerability identifier: #VU118605

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-58413

CWE-ID: CWE-121

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the in FortiOS CAPWAP daemon. A remote unauthenticated attacker on the local network can send specially crafted packets to the device, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Note that in the default configuration, the attacker must be in control of an authorized FortiAP for the attack to succeed and have access to the same local IP subnet.

How to mitigate CVE-2025-58413

Install updates from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-25-632

Stack-based buffer overflow in FortiOS - CVE-2025-58413

Detailed vulnerability description

How to mitigate CVE-2025-58413

Sources

Please verify you're human