FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers
gbhackersFortinet has disclosed a critical security vulnerability in FortiOS that could allow authenticated attackers to execute arbitrary code through a heap-based buffer overflow in the cw_stad daemon, affecting multiple versions of the popular network security operating system.
Critical Security Flaw Discovered in FortiOS
Fortinet announced today the discovery of a significant security vulnerability, designated as CVE-2025-24477, affecting several versions of FortiOS.
| CVE Number | Description | CVSS Score |
| CVE-2025-24477 | Escalation of privilege | 4.0 (Medium) |
The vulnerability, classified as a heap-based buffer overflow (CWE-122), resides in the cw_stad daemon and poses a serious threat to organizations running affected FortiOS versions.
While the vulnerability requires authentication to exploit, successful attacks could result in complete system compromise through arbitrary code execution.
The security flaw was internally discovered and reported by Gwendal Guégniaud of Fortinet’s Product Security team, demonstrating the company’s proactive approach to identifying and addressing security issues within their products.
The ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE