Introduction
Remote code execution on a perimeter firewall can enable attackers to bypass network defenses, pivot into internal systems, and disrupt business operations. CVE-2025-58413 highlights a significant risk for organizations relying on Fortinet FortiOS and FortiSASE, as it allows unauthenticated attackers to execute arbitrary code via network packets.
Fortinet is a major player in the global cybersecurity market, best known for its FortiGate firewalls and FortiOS operating system. With millions of devices deployed worldwide across enterprises, service providers, and critical infrastructure, vulnerabilities in Fortinet products can have wide-reaching impact.
Technical Information
CVE-2025-58413 is a stack-based buffer overflow vulnerability classified under CWE-121. The flaw resides in the network packet processing logic of Fortinet FortiOS and FortiSASE. When the system receives specially crafted packets, it fails to properly validate input length before copying data into a stack-allocated buffer. This can lead to overwriting of stack memory, including return addresses and local variables, enabling attackers to hijack control flow and execute arbitrary code or commands with the privileges of the affected process. The attack does not require authentication, making any exposed system a potential target.
The vulnerability affects core networking components, but the specific function or code path is not detailed in public advisories. There are no public code snippets, proof of concept exploits, or detailed technical diagrams available for this vulnerability. The issue is tracked in Fortinet's advisory FG-IR-25-632 and assigned a CVSS score of 7.5, reflecting its high severity and ease of exploitation.
Affected Systems and Versions
CVE-2025-58413 affects the following Fortinet products and versions:
- FortiOS 7.6.0 through 7.6.3
- FortiOS 7.4.0 through 7.4.8
- FortiOS 7.2 (all versions)
- FortiOS 7.0 (all versions)
- FortiOS 6.4 (all versions)
- FortiOS 6.2 (all versions)
- FortiOS 6.0 (all versions)
- FortiSASE 25.3.b
Any system running one of these versions is vulnerable if exposed to attacker-controlled network traffic. The vulnerability can be triggered remotely without authentication.
Vendor Security History
Fortinet has experienced multiple critical vulnerabilities in recent years, including stack-based buffer overflows (such as CVE-2025-32756), heap-based buffer overflows, path traversal, and authentication bypass flaws. Some of these issues have been exploited in the wild before public disclosure. Fortinet's patch response is generally prompt after advisories are published, but the company has been criticized for silent patching and delayed CVE publication, which can delay risk assessment and remediation for customers.
