CVE-2025-58903
CVSS 2.7 Low
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
- Published: 2025-10-14T16:15:40.930
An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No vendor taxonomy on this entry.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
How to fix CVE-2025-58903
CVE-2025-58903 is a low severity vulnerability affecting the affected product.
Description: An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request. Related CVE by CWENo related CWE found.Top CVE for VendorNo vendor taxonomy on this entry.Recently Exploited Similar VulnerabilitiesNo recent […]
Affected Versions:
❌ Vulnerable: 7.6.0 - 7.6.3
✅ Safe: ≥ 7.6.4
Exploit Difficulty: MEDIUM
⏱️ Time to exploit: 1-4 hours
🛠️ Required skills: Intermediate security knowledge
💰 Public exploits: May be available
How to Fix:
- Check if you're running the affected product
- Verify version (vulnerable: 7.6.0 - 7.6.3)
- Update to ≥ 7.6.4 or later
- If patching is not immediately possible: restrict network exposure, apply least-privilege access
- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)
- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations
Description: An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request. Related CVE by CWENo related CWE found.Top CVE for VendorNo vendor taxonomy on this entry.Recently Exploited Similar VulnerabilitiesNo recent […]
Affected Versions:
❌ Vulnerable: 7.6.0 - 7.6.3
✅ Safe: ≥ 7.6.4
Exploit Difficulty: MEDIUM
⏱️ Time to exploit: 1-4 hours
🛠️ Required skills: Intermediate security knowledge
💰 Public exploits: May be available
How to Fix:
1 Identify affected systems
- Check if you're running the affected product
- Verify version (vulnerable: 7.6.0 - 7.6.3)
2 Immediate actions
- Update to ≥ 7.6.4 or later
- If patching is not immediately possible: restrict network exposure, apply least-privilege access
3 Verification
- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)
4 Long-term prevention
- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations
Exploit Difficulty Assessment
MEDIUM
Time to Exploit: 1-4 hours
Skills Required: Intermediate security knowledge
Public Exploits: May be available
Affected Versions
Vulnerable: 7.6.0 - 7.6.3
Safe: ≥ 7.6.4
Vulnerability Timeline
Oct 14, 2025
Vulnerability Published
CVE details first published to NVD database
Nov 12, 2025
Imported to Database
Added to this CVE tracking system
Detection Rules & IOCs
No specific detection rules generated for this vulnerability type.
No vendor/product data available.