Fortinet has disclosed a stack-based buffer overflow vulnerability in its FortiManager platform that could allow unauthorized command execution. Tracked as CVE-2025-54820, the flaw carries a CVSSv3 score of 7.0 and poses a significant threat to network management deployments running vulnerable versions of FortiManager.
Details of the Vulnerability
The flaw lies in FortiManager's fgtupdates service. A remote, unauthenticated attacker could trigger it with specially crafted requests, potentially achieving unauthorized code execution on the affected system. Exploitation depends on the fgtupdates service being enabled and on defeating the existing stack protections, which raises the difficulty of the attack and is why the issue is rated High rather than Critical.
Fortinet issued an advisory on March 10, 2026, under the reference FG-IR-26-098. The vulnerability was responsibly disclosed by a researcher from Dbappsecurity Co., Ltd.
Affected Versions and Mitigation Measures
Several FortiManager versions are confirmed to be affected. Versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.10 must be upgraded to 7.4.3 and 7.2.11, respectively. All FortiManager 6.4 releases should be migrated to a fixed release. FortiManager Cloud is not affected, so the issue is limited to on-premises deployments.
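The affected ranges above are easy to misjudge when versions are compared as strings ("7.2.10" sorts before "7.2.9"). The following added example, which is not Fortinet's code and is not taken from the advisory, encodes the ranges exactly as stated on this page and triages a constructed sample inventory; host names and version strings in SAMPLE_INVENTORY are made up for illustration, and the FG-IR-26-098 reference is the advisory identifier quoted on this page.

```python
import re
from typing import NamedTuple


class Verdict(NamedTuple):
    affected: bool
    action: str


# Affected branches as stated in the advisory text on this page:
#   7.4.0 - 7.4.2  -> fixed in 7.4.3
#   7.2.0 - 7.2.10 -> fixed in 7.2.11
#   all 6.4.x      -> migrate to a fixed release (no 6.4 fix is listed)
# last_affected_patch = None means every patch level of that branch is affected.
AFFECTED_BRANCHES = {
    (7, 4): (2, "7.4.3"),
    (7, 2): (10, "7.2.11"),
    (6, 4): (None, None),
}


def parse_version(text: str) -> tuple:
    """Turn 'v7.2.10' or '7.2.10' into an integer triple so 7.2.10 > 7.2.9.

    A plain string comparison would order these the wrong way round.
    """
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised FortiManager version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def triage(version: str, cloud: bool = False) -> Verdict:
    """Decide whether a FortiManager build is in an affected range and what to do."""
    if cloud:
        return Verdict(False, "FortiManager Cloud is not affected")
    major, minor, patch = parse_version(version)
    branch = AFFECTED_BRANCHES.get((major, minor))
    if branch is None:
        # Not listed on the page as affected; treat as unknown, not as safe.
        return Verdict(False, "not in the affected ranges listed here; "
                              "confirm against FG-IR-26-098")
    last_affected, fixed = branch
    if last_affected is None:
        return Verdict(True, "all 6.4 releases affected: migrate to a fixed release")
    if patch <= last_affected:
        return Verdict(True, f"upgrade to {fixed} or later, or disable "
                             "fgtupdates as an interim workaround")
    return Verdict(False, f"at or above fixed release {fixed}")


def triage_fleet(inventory):
    """Return (host, action) for every affected host in a (host, version, is_cloud) list."""
    results = []
    for host, version, is_cloud in inventory:
        verdict = triage(version, is_cloud)
        if verdict.affected:
            results.append((host, verdict.action))
    return results


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("fmg-hq-01", "7.4.2", False),
    ("fmg-hq-02", "7.4.3", False),
    ("fmg-dc-01", "7.2.10", False),
    ("fmg-dc-02", "7.2.11", False),
    ("fmg-legacy", "6.4.15", False),
    ("fmg-cloud", "7.4.1", True),
]

if __name__ == "__main__":
    for host, action in triage_fleet(SAMPLE_INVENTORY):
        print(f"{host}: AFFECTED - {action}")
```

Run it against an export of your own inventory in the same (host, version, is_cloud) shape; a branch that is absent from the page (for example 7.6) is reported as "confirm against FG-IR-26-098" rather than as safe, because this page lists only the ranges Fortinet named.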
Fortinet advises upgrading to the patched versions as the primary fix. Where an immediate update is not possible, disabling the fgtupdates service is a temporary workaround: remove it from the service access list on the relevant interfaces in the CLI configuration.
Security Recommendations
FortiManager is extensively used across enterprise and governmental sectors for centralized management of Fortinet security devices. Vulnerabilities that allow unauthorized remote code execution, even under specific conditions, significantly expand the attack surface for threat actors.
Security teams should immediately audit which FortiManager services are enabled, apply the patches, and monitor for unusual access to the fgtupdates service endpoint. Attackers' growing interest in network management platforms is a concern because these systems are often used for lateral movement and for establishing persistent access within the infrastructure they manage.
