FortiAnalyzer 7.0-7.6.x Authenticated HTTP Crash via Dangerous Function
CVE-2025-67604 Published on May 12, 2026
A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests that cause crashes. This happens if internal locks are aligned, which is outside the attacker's control.
Vulnerability Analysis
CVE-2025-67604 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Use of Potentially Dangerous Function
The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Products Associated with CVE-2025-67604
Affected Versions
Fortinet FortiAnalyzer:
- Version 7.6.0, <= 7.6.4 is affected.
- Version 7.4.0, <= 7.4.8 is affected.
- Version 7.2.0, <= 7.2.12 is affected.
- Version 7.0.0, <= 7.0.16 is affected.
- Version 6.4.0, <= 6.4.15 is affected.
- Version 7.6.0, <= 7.6.4 is affected.
- Version 7.4.0, <= 7.4.8 is affected.
- Version 7.2.0, <= 7.2.12 is affected.
- Version 7.0.0, <= 7.0.16 is affected.
- Version 6.4.0, <= 6.4.15 is affected.