CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-67604

unknowncovered by 1 sourcefirst seen 2026-05-12
CVSSv3 Score: 5.2 A use of potentially Dangerous Function vulnerability [CWE-676] in FortiAnalyzer and FortiManager API may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker. Revised on 2026-05-12 00:00:00

CSIRTS triage

What
A use of potentially Dangerous Function vulnerability may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests.
Who is affected
Authenticated users of FortiAnalyzer and FortiManager are affected.
Urgency
Remediation is necessary as this vulnerability can lead to system crashes.
Action
Apply the latest patches for FortiAnalyzer and FortiManager.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-67604

Get an email if CVE-2025-67604 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-67604

CVE.org record

Embed the live status

CVE-2025-67604 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-67604 status](https://www.csirts.com/badge/CVE-2025-67604)](https://www.csirts.com/cve/CVE-2025-67604)