Buffer overflow via fgtupdates service

Plan Patch | 7 | FG-IR-26-098 | Mar 10, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

A stack overflow vulnerability exists in the fgtupdates service on FortiManager. An attacker can send a specially crafted request to the service to overflow a stack buffer and potentially execute arbitrary code on the appliance. This vulnerability affects FortiManager versions 6.4 (all versions), 7.2.0–7.2.10, and 7.4.0–7.4.2.

What this means
What could happen
An attacker with network access to the fgtupdates service could trigger a buffer overflow, potentially gaining the ability to execute arbitrary code on the FortiManager appliance and compromise your entire centralized firewall management infrastructure.
Who's at risk
Utilities and any organization using Fortinet FortiManager as a centralized firewall management appliance. This affects the control point for all managed FortiGate firewalls across your network infrastructure.
How it could be exploited
An attacker sends a specially crafted request to the fgtupdates service (network-accessible) that overflows a stack buffer, overwriting memory and allowing code execution on the FortiManager. No authentication or user interaction is required.
Prerequisites
  • Network access to the fgtupdates service port
  • Ability to send crafted network packets to the FortiManager appliance
Tags: remotely exploitable, no authentication required, affects centralized management infrastructure, high CVSS score
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (3)
3 with fix
Product        Affected Versions    Fix Status
FortiManager   7.4.0 - 7.4.2        7.4.3+
FortiManager   7.2.0 - 7.2.10       7.2.11+
FortiManager   6.4 all versions     Migrate to fixed release
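The affected-version table above is what an operator actually has to apply to an inventory of FortiManager builds, and the edge cases (inclusive upper bounds such as 7.2.10, the open-ended "6.4 all versions" row, a train the table does not mention) are where manual checks go wrong. The following is an added example, not code from Fortinet or from this advisory: it encodes the three rows exactly as stated, parses version strings as they appear in inventories, and reports the remediation the table prescribes. The inventory data is constructed sample data, and any train the table does not list is reported as not affected because the page gives no information about it.

```python
"""Classify FortiManager build numbers against the FG-IR-26-098 affected-version table.

Added example, not from Fortinet or the advisory. The version ranges below are the
three rows of the table; the host inventory at the bottom is constructed sample data.
"""
from __future__ import annotations

import re

ADVISORY = "FG-IR-26-098"

# Affected ranges as (lowest affected, highest affected), both inclusive, from the table.
# "6.4 all versions" is modelled as an open-ended 6.4.x range (upper bound is a sentinel).
AFFECTED_RANGES = [
    ((6, 4, 0), (6, 4, 9999)),  # 6.4, all versions: migrate to a fixed release
    ((7, 2, 0), (7, 2, 10)),    # 7.2.0 - 7.2.10, fixed in 7.2.11+
    ((7, 4, 0), (7, 4, 2)),     # 7.4.0 - 7.4.2, fixed in 7.4.3+
]

# Fixed release per major.minor train, from the table's Fix Status column.
FIXED_RELEASE = {(7, 2): "7.2.11", (7, 4): "7.4.3"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'v7.2.10', '7.4' or 'FortiManager 7.4.2' into (major, minor, patch).

    A missing patch component defaults to 0, so '7.4' compares as 7.4.0.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(version: tuple[int, int, int]) -> bool:
    """True if the build falls inside any affected range (tuple comparison is lexicographic)."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def remediation(version: tuple[int, int, int]) -> str | None:
    """Return the action the table prescribes for this build, or None if it is not affected."""
    if not is_affected(version):
        return None
    train = version[:2]
    if train in FIXED_RELEASE:
        return f"update to {FIXED_RELEASE[train]} or later"
    # Only the 6.4 row reaches this point: no in-train fix, migrate instead.
    return "migrate to 7.2.11+ or 7.4.3+"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> version string to hostname -> required action, affected hosts only."""
    result = {}
    for host, version_text in inventory.items():
        action = remediation(parse_version(version_text))
        if action is not None:
            result[host] = action
    return result


# Constructed sample inventory (hostnames and builds are invented for illustration).
SAMPLE_INVENTORY = {
    "fmg-dc1": "v7.4.2",           # last affected 7.4 build
    "fmg-dc2": "v7.4.3",           # first fixed 7.4 build
    "fmg-plant-a": "FortiManager 7.2.10",  # last affected 7.2 build
    "fmg-lab": "6.4.15",           # 6.4 train: migrate
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{ADVISORY}: {host}: {action}")
```

Because the check is inclusive on both ends, a host on exactly 7.2.10 or 7.4.2 is reported as affected and a host on 7.2.11 or 7.4.3 is not, matching the table; treat any build on a train the table omits as "unknown, verify against the vendor advisory" rather than as safe.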
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the fgtupdates service to only trusted management networks using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

FortiManager
HOTFIX: Update FortiManager 7.4.x to version 7.4.3 or later
HOTFIX: Update FortiManager 7.2.x to version 7.2.11 or later
HOTFIX: Migrate FortiManager 6.4 systems to a supported and patched version (7.2.11+ or 7.4.3+)
Long-term hardening
FortiManager
HARDENING: Place FortiManager on a dedicated management network segment isolated from operational networks
