{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46776", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-04-29T08:42:13.449Z", "datePublished": "2025-11-18T17:01:17.437Z", "dateUpdated": "2025-11-18T18:34:05.679Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiExtender", "cpes": ["cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.1", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.6", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.5", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.5", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-11-18T17:01:17.437Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-120", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to upcoming FortiExtender version 7.4.8 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-18T18:33:55.201822Z", "id": "CVE-2025-46776", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T18:34:05.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-18T18:33:55.201822Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T18:34:01.827Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiExtender", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.1"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.6"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to upcoming FortiExtender version 7.4.8 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251"}], "descriptions": [{"lang": "en", "value": "A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-11-18T17:01:17.437Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46776", "state": "PUBLISHED", "dateUpdated": "2025-11-18T18:34:05.679Z", "dateReserved": "2025-04-29T08:42:13.449Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-11-18T17:01:17.437Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D99BE066-31DA-417E-9C7F-73453CE4A69D", "versionEndExcluding": "7.4.8", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F3DA4B8-95C4-407B-B632-D8F48C89511E", "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0617C1D-E321-409D-B54B-775E854A03C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands."}], "id": "CVE-2025-46776", "lastModified": "2025-11-20T14:39:19.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-11-18T17:16:02.180", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-251"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "[email protected]", "type": "Primary"}]}

{}