Fortinet FortiOS CVE-2025-53843 Stack-Based Buffer Overflow: Brief Summary and Version Impact

This post provides a brief summary of CVE-2025-53843, a stack-based buffer overflow vulnerability in Fortinet FortiOS affecting versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.8, and all versions of 7.2, 7.0, and 6.4. It highlights the technical mechanism, affected versions, and Fortinet's history with similar issues.

ZeroPath CVE Analysis

2025-11-18

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

Introduction

Attackers can gain unauthorized code execution on Fortinet FortiOS appliances by sending specially crafted packets, potentially compromising critical network infrastructure. This vulnerability affects a broad range of FortiOS versions, making it relevant for enterprises with diverse FortiGate deployments.

Fortinet is a leading provider of network security solutions, best known for its FortiGate firewalls and the FortiOS operating system. With a global footprint and a wide range of security products, Fortinet's technology is deployed in enterprises, service providers, and government agencies worldwide.

Technical Information

CVE-2025-53843 is a stack-based buffer overflow in Fortinet FortiOS, triggered when a vulnerable device receives specially crafted packets. It is classified under CWE-121 (Stack-based Buffer Overflow): a fixed-size buffer on the stack is written with more data than it can hold, typically because an attacker-controlled length or count is trusted before a copy. The overrun overwrites whatever the compiler placed above the buffer in the frame, including saved registers and the function's return address, which is what lets an attacker redirect execution and run arbitrary code or commands on the device. How reliably such an overflow can be turned into code execution on a given build depends on mitigations such as stack canaries and address-space layout randomization, and the public information on this CVE does not say how the affected code is protected.

The vulnerability affects multiple major and minor versions of FortiOS, suggesting the root cause lies in shared or long-standing code. The exact protocol or packet structure required to exploit this issue has not been made public. No vulnerable code snippets or proof of concept have been released.
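Because the real packet format is not public, the following added example (written for this page; it is not Fortinet code and not from the original post) uses an invented two-byte header with an attacker-controlled length byte to show the CWE-121 mechanism described above: a handler that trusts the length overruns a 64-byte stack buffer into the slot above it, while the hardened variant rejects the same packet. The wire format, the `struct frame` model with its `saved_ret` stand-in for the return address, the sentinel value, and all function names are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format, invented for this illustration; the real
 * FortiOS protocol and packet layout behind CVE-2025-53843 are not public.
 *   byte 0: message type   byte 1: payload length (attacker-controlled)
 *   bytes 2..: payload */
#define HDR_LEN      2
#define BUF_LEN      64
#define RET_SENTINEL 0xA5A5A5A5u

/* Stand-in for a stack frame: the local buffer followed by the slot above
 * it, used as a proxy for the saved return address. One struct, so the
 * demo's overrun stays inside a single object and remains well-defined. */
struct frame {
    uint8_t  buf[BUF_LEN];
    uint32_t saved_ret;
};

/* Vulnerable handler (CWE-121). It checks that the packet really carries
 * `len` bytes (no over-read); the defect is that `len` is never compared
 * against the 64-byte local buffer before the copy. */
int handle_packet_vuln(struct frame *f, const uint8_t *pkt, size_t n)
{
    if (n < HDR_LEN) return -1;
    size_t len = pkt[1];
    if (len > n - HDR_LEN) return -1;
    /* BUG: missing `len > BUF_LEN` check. The copy targets the frame object
     * as a whole so the demo packet's bytes spill into saved_ret legally. */
    memcpy((uint8_t *)f + offsetof(struct frame, buf), pkt + HDR_LEN, len);
    return (int)len;
}

/* Hardened handler: identical, plus the bound the bug lacks. */
int handle_packet_safe(struct frame *f, const uint8_t *pkt, size_t n)
{
    if (n < HDR_LEN) return -1;
    size_t len = pkt[1];
    if (len > n - HDR_LEN) return -1;
    if (len > BUF_LEN) return -1;
    memcpy(f->buf, pkt + HDR_LEN, len);
    return (int)len;
}

/* Builds a packet carrying `payload_len` bytes of 0x41 ('A'). Constructed
 * input, not captured traffic. Returns the packet length, 0 if `out` is
 * too small. */
size_t build_packet(uint8_t *out, size_t cap, uint8_t payload_len)
{
    if (cap < (size_t)HDR_LEN + payload_len) return 0;
    out[0] = 0x01;
    out[1] = payload_len;
    memset(out + HDR_LEN, 0x41, payload_len);
    return (size_t)HDR_LEN + payload_len;
}

/* Builds a packet of `payload_len` bytes, runs the vulnerable (hardened==0)
 * or hardened handler on a fresh frame whose saved_ret holds a sentinel,
 * and returns 1 if the sentinel survived, 0 if it was clobbered.
 * A payload of exactly BUF_LEN + 4 = 68 bytes reaches through buf into
 * saved_ret; anything larger on the vulnerable path would write past the
 * frame object, the real-world outcome but undefined behaviour here. */
int run_demo(uint8_t payload_len, int hardened)
{
    uint8_t pkt[HDR_LEN + 255];
    size_t n = build_packet(pkt, sizeof pkt, payload_len);
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = RET_SENTINEL;
    (hardened ? handle_packet_safe : handle_packet_vuln)(&f, pkt, n);
    return f.saved_ret == RET_SENTINEL;
}

/* A packet whose length byte claims more than is present must be refused
 * by both handlers; returns 1 if so. Keeps over-read distinct from overflow. */
int truncated_rejected(void)
{
    uint8_t pkt[10] = { 0x01, 100 };          /* claims 100 bytes, carries 8 */
    struct frame f = { {0}, 0 };
    return handle_packet_vuln(&f, pkt, sizeof pkt) == -1 &&
           handle_packet_safe(&f, pkt, sizeof pkt) == -1;
}

int main(void)
{
    printf("16-byte payload: vuln intact=%d safe intact=%d\n", run_demo(16, 0), run_demo(16, 1));
    printf("68-byte payload: vuln intact=%d safe intact=%d\n", run_demo(68, 0), run_demo(68, 1));
    printf("truncated packet rejected by both: %d\n", truncated_rejected());
    return 0;
}
```

Build with any C99 compiler and run: the 16-byte payload leaves `saved_ret` intact on both paths, the 68-byte payload replaces the sentinel with 0x41414141 on the vulnerable path and is refused by the hardened one, and the truncated packet is refused by both. On a real stack the overwritten slot is the actual return address and the overrun is not confined to one object, which is why the demo sizes its packet to stop exactly at `saved_ret`; the single missing comparison in `handle_packet_safe` is the whole difference between the two handlers.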

Affected Systems and Versions

  • FortiOS 7.6.0 through 7.6.3
  • FortiOS 7.4.0 through 7.4.8
  • FortiOS 7.2 (all versions)
  • FortiOS 7.0 (all versions)
  • FortiOS 6.4 (all versions)

No specific configuration requirements or exclusions are documented in public sources.

Vendor Security History

Fortinet has a documented history of buffer overflow and memory corruption vulnerabilities in FortiOS and related products. Previous advisories have covered similar stack-based and heap-based issues, often affecting multiple version branches simultaneously. The company is generally prompt in releasing patches, but some advisories have been criticized for delayed public disclosure. Fortinet regularly collaborates with the security research community and maintains an active PSIRT.
