Fortinet PSIRT advisory (severity: High)

Buffer overflow via fgtupdates service

A stack-based buffer overflow (CWE-121, CVE-2025-54820) in the FortiManager fgtupdates service, with a CVSSv3 score of 7.0, allows remote unauthenticated attackers to execute arbitrary commands via crafted requests if the service is enabled. Affected versions are FortiManager 7.4.0 through 7.4.2 and 7.2.0 through 7.2.10, requiring upgrades to 7.4.3+ and 7.2.11+ respectively, while all versions of 6.4 require migration to a fixed release. As a workaround, administrators can disable the "fgtupdates" service on the affected interface.

PSIRT: Buffer overflow via fgtupdates service

Summary

A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.

Version            Affected                Solution
FortiManager 7.6   Not affected            Not Applicable
FortiManager 7.4   7.4.0 through 7.4.2     Upgrade to 7.4.3 or above
FortiManager 7.2   7.2.0 through 7.2.10    Upgrade to 7.2.11 or above
FortiManager 6.4   6.4 all versions        Migrate to a fixed release

FortiManager Cloud is not affected by this vulnerability.

Workaround:

If active, disable the "fgtupdates" service:

    config system interface
        edit <portID>
            set serviceaccess <service>
    end

Where <service> is not "fgtupdates".

https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/581288/configure-a-fortimanager-without-internet-connectivity-to-access-a-local-fortimanager-as-fds

Acknowledgement

Fortinet is pleased to thank catalpa from Dbappsecurity Co., Ltd. for reporting this vulnerability under responsible disclosure.

Timeline

2026-03-10: Initial publication

IR Number: FG-IR-26-098
Published Date: Mar 10, 2026
Component: OTHERS
Severity: High
CVSSv3 Score: 7.0
Impact: Execute unauthorized code or commands
CVE ID: CVE-2025-54820
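Added example (not Fortinet's code and not part of the advisory): a Python check that tells an administrator whether a FortiManager version falls inside the affected ranges above and which interfaces in a config dump still expose fgtupdates via `set serviceaccess`. The parser assumes the `config system interface / edit <portID> / set serviceaccess <service>` layout quoted in the workaround; the sample configuration and the second service name in it are constructed for illustration.

```python
# Affected FortiManager branches per FG-IR-26-098 (CVE-2025-54820):
# (major, minor) -> (first affected patch, last affected patch); None = every patch.
AFFECTED = {
    (7, 4): (0, 2),    # 7.4.0 through 7.4.2, fixed in 7.4.3
    (7, 2): (0, 10),   # 7.2.0 through 7.2.10, fixed in 7.2.11
    (6, 4): None,      # all 6.4 releases; migrate to a fixed release
}

# Constructed sample in the layout the advisory quotes; not real device output.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set serviceaccess fgtupdates webfilter-antispam
    next
    edit "port2"
        set serviceaccess webfilter-antispam
    next
end
"""

def parse_version(version):
    """Turn 'x.y.z' into a tuple of ints; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiManager version: {version!r}")
    return tuple(int(p) for p in parts)

def is_affected(version):
    """True if the version lies inside one of the advisory's affected ranges."""
    major, minor, patch = parse_version(version)
    if (major, minor) not in AFFECTED:
        return False                     # e.g. 7.6 is not affected
    rng = AFFECTED[(major, minor)]
    return True if rng is None else rng[0] <= patch <= rng[1]

def exposed_interfaces(config_text):
    """Interfaces inside 'config system interface' whose serviceaccess lists fgtupdates."""
    exposed, current, in_block = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system interface":
            in_block = True
        elif line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = line.split(None, 1)[1].strip('"')
        elif in_block and line.startswith("set serviceaccess"):
            if "fgtupdates" in line.split()[2:] and current:
                exposed.append(current)
    return exposed

def audit(version, config_text):
    """Combine both checks: exposure only matters on an affected release."""
    return {"affected": is_affected(version), "exposed": exposed_interfaces(config_text)}
```

On an affected release the workaround is to remove "fgtupdates" from `set serviceaccess` on every interface the check reports, pending the upgrade.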
