CVE Catalog

CVE-2025-58903

LowCVSS 2.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

20th percentile — higher than 20% of all known CVEs

Summary

CVE-2025-58903 in Fortinet FortiOS versions 7.6.0 through 7.6.3 and before 7.4.8 has an Unchecked Return Value vulnerability that allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specially crafted request.

Risk Assessment

The organization may experience service outages related to http, which could impact operations and user trust.

Recommendation

It is recommended to update FortiOS to the latest version to mitigate this vulnerability and to monitor logs for potential exploitation attempts.

Original NVD description (English source)

An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS