A high-severity stack-based buffer overflow vulnerability in Fortinet's FortiManager platform has been made public This article explores vulnerability fortinet. . This vulnerability may enable remote, unauthenticated attackers to carry out unauthorized commands.
The vulnerability, which has a CVSSv3 score of 7.0 and is tracked as CVE-2025-54820, puts enterprise network management systems using impacted FortiManager versions at serious risk. The FortiManager fgtupdates service is the source of the vulnerability. By sending specially constructed requests to the service, a remote unauthenticated attacker can take advantage of this vulnerability and possibly allow unauthorized code execution on the targeted system. The problem is that conditional exploitation is only feasible if the device's fgtupdates service is actively enabled.
Furthermore, for an exploitation to be successful, the attacker must get around current stack protection measures, which raises the complexity of the attack and results in a High CVSS rating as opposed to Critical. On March 10, 2026, Fortinet released the advisory under internal reference FG-IR-26-098. Researcher Catalpa from Dbappsecurity Co., Ltd. responsibly revealed the vulnerability.
Affected Versions It has been confirmed that the following FortiManager versions are impacted: Suggested Action for Version Affected Builds FortiManager 7.6 Unaffected FortiManager 7.4 7.4.0 through 7.4.2 are not applicable. Update FortiManager 7.2 7.2.0 through 7.2.10 to 7.4.3 or higher. Update to version 7.2.11 or higher FortiManager 6.4 Every version Change to a fixed release Notably, this vulnerability only affects on-premises deployments and does not affect FortiManager Cloud.
Mitigation and Workaround As the main remediation strategy, Fortinet strongly advises updating to the corresponding patched releases. As a temporary workaround, Fortinet suggests turning off the fgtupdates service for organizations that are unable to apply patches right away. The following CLI configuration allows administrators to remove fgtupdates from the service access list on the relevant interface: System interface for textconfig modify
To centrally manage Fortinet security fabric devices, FortiManager is extensively used in government and business settings. Even in certain circumstances, any vulnerability that permits unauthenticated remote code execution constitutes a significant attack surface.
Network management platforms are being targeted by threat actors more frequently as hubs for lateral movement and continuous access throughout managed infrastructure. For daily cybersecurity updates, security teams should audit active FortiManager services right away, apply any available patches, and keep an eye out for unusual access to the fgtupdates service endpoint, LinkedIn, and X. To have your stories featured, get in touch with us.
