Critical Fortinet FortiManager fgtupdates Vulnerability Allows Remote Command Execution

Fortinet has disclosed a high-severity vulnerability in its FortiManager platform that could allow attackers to execute unauthorized commands remotely.

The flaw, tracked as CVE-2025-54820, carries a CVSS score of 7.0 and affects several versions of FortiManager used to centrally manage Fortinet security devices across enterprise networks.

Security researchers warn that because FortiManager is designed to control and configure multiple Fortinet appliances, any successful exploitation could have significant security implications.

Attackers gaining command execution on the platform could potentially manipulate network security policies or disrupt critical security infrastructure.

Understanding the Vulnerability

The vulnerability stems from a stack-based buffer overflow (CWE-121) found in the FortiManager fgtupdates service.

A buffer overflow occurs when a program writes more data into a fixed-size memory buffer than the buffer can hold. When that buffer lives on the stack, the excess bytes overwrite adjacent stack data, which is what allows an attacker to corrupt memory and, in the worst case, redirect execution to instructions of their choosing.

In this case, an attacker can exploit the flaw by sending specially crafted network requests to a FortiManager system where the fgtupdates service is enabled.

If the exploit is successful, the attacker could execute arbitrary code or run unauthorized commands on the affected system.

However, Fortinet notes that exploitation is not guaranteed: an attacker must first bypass the built-in stack protection mechanisms that are designed to detect and stop this kind of memory corruption.

Additionally, the vulnerability only becomes exploitable if the fgtupdates service is active. If the service is disabled, the attack vector is effectively removed.

The issue was responsibly disclosed by security researcher Catalpa from Dbappsecurity Co., Ltd.

Affected Versions

According to Fortinet’s advisory, the vulnerability impacts several older FortiManager release branches.

  • FortiManager 7.4 versions 7.4.0 through 7.4.2
  • FortiManager 7.2 versions 7.2.0 through 7.2.10
  • FortiManager 6.4 all versions

Fortinet confirmed that FortiManager 7.6 is not affected by the vulnerability. Organizations using FortiManager Cloud are also safe and do not require any action.

Fortinet strongly recommends that organizations upgrade their FortiManager installations to a patched version as soon as possible to prevent potential exploitation.

Recommended upgrade paths include:

  • Upgrade FortiManager 7.4 deployments to version 7.4.3 or later
  • Upgrade FortiManager 7.2 deployments to version 7.2.11 or later
  • Migrate FortiManager 6.4 installations to a supported and secure release branch

Applying these updates eliminates the vulnerability and ensures systems are protected against potential remote attacks.

For organizations that cannot immediately deploy patches, Fortinet has provided a temporary mitigation strategy.

Administrators can reduce the risk by disabling the vulnerable fgtupdates service using the FortiManager command-line interface.

The mitigation can be implemented using the following configuration steps:

  config system interface
    edit <portID>
      set serviceaccess <service>
    end

When setting the serviceaccess value, list only the services the interface still requires and leave fgtupdates out of the list.

By removing fgtupdates from the service access list, organizations can block the vulnerable service and prevent attackers from exploiting the flaw until a permanent firmware update is applied.
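The two checks a defender actually needs from this advisory are "is this FortiManager build in an affected range?" and "does any interface still expose fgtupdates?". The script below is an added example, not Fortinet's tooling or code from the article: it encodes the affected and fixed versions listed above, and it parses a constructed configuration dump modelled on FortiOS-style CLI output. The `serviceaccess` keyword and the `fgtupdates` value come from the advisory; the other service name and the sample interface settings are assumptions made for the sample.

```python
"""Added triage helper for CVE-2025-54820 (not Fortinet's code).

1. is_affected()/remediation(): compare a FortiManager version string against
   the affected branches from the advisory (7.4.0-7.4.2, 7.2.0-7.2.10, all
   6.4.x; 7.6 is not affected) and report the fixed release.
2. interfaces_exposing_fgtupdates(): parse a 'config system interface' dump
   and return interfaces whose serviceaccess list still contains fgtupdates,
   i.e. where the interim mitigation has not been applied.
"""
import re

# Affected ranges from the advisory: branch -> (first_affected, last_affected).
# A None upper bound means every release on that branch is affected.
AFFECTED = {
    (7, 4): ((7, 4, 0), (7, 4, 2)),
    (7, 2): ((7, 2, 0), (7, 2, 10)),
    (6, 4): ((6, 4, 0), None),
}
# Minimum fixed release per branch; 6.4 has no fix and must be migrated.
FIXED = {(7, 4): (7, 4, 3), (7, 2): (7, 2, 11)}


def parse_version(s):
    """'7.4.2' or 'v7.4.2-build1234' -> (7, 4, 2)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    rng = AFFECTED.get(v[:2])
    if rng is None:
        return False  # 7.6 and unlisted branches are not affected
    lo, hi = rng
    return lo <= v and (hi is None or v <= hi)


def remediation(version):
    """Human-readable action for an inventory report."""
    if not is_affected(version):
        return "not affected"
    fixed = FIXED.get(parse_version(version)[:2])
    if fixed is None:
        return "migrate to a fixed branch (no fixed release on this branch)"
    return "upgrade to %d.%d.%d or later" % fixed


def interfaces_exposing_fgtupdates(config_text):
    """Return the names of interfaces whose serviceaccess still lists fgtupdates."""
    exposed, current, in_block = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system interface":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = line[len("edit "):].strip('"')
        elif in_block and line.startswith("set serviceaccess "):
            services = line[len("set serviceaccess "):].split()
            if "fgtupdates" in services and current:
                exposed.append(current)
        elif in_block and line == "next":
            current = None
    return exposed


# Constructed sample dump: port1 still exposes fgtupdates, port2 has it removed.
# 'webfilter-antispam' is used only as a placeholder for another service name.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 10.0.0.1 255.255.255.0
        set serviceaccess fgtupdates webfilter-antispam
    next
    edit "port2"
        set ip 10.0.1.1 255.255.255.0
        set serviceaccess webfilter-antispam
    next
end
"""

if __name__ == "__main__":
    for ver in ("7.4.2", "7.4.3", "7.2.10", "6.4.15", "7.6.1"):
        print(ver, "->", remediation(ver))
    print("interfaces still exposing fgtupdates:",
          interfaces_exposing_fgtupdates(SAMPLE_CONFIG))
```

Run it against the version strings in your asset inventory and the saved output of the interface configuration from each FortiManager; any interface returned by `interfaces_exposing_fgtupdates` on an affected build is one where the advisory's workaround has not yet been applied.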

The post Critical Fortinet FortiManager fgtupdates Vulnerability Allows Remote Command Execution appeared first on Cyber Security News.