Published on January 14, 2026
CVE-2025-25249 – RCE Vulnerability in FortiOS and FortiSwitchManager
Severity
High
Detail
A high-severity RCE vulnerability affecting FortiOS and FortiSwitchManager has been disclosed by Fortinet.
| CVE Number | Description | CVSS Score (Severity) |
|---|---|---|
| CVE-2025-25249 | A heap-based buffer overflow vulnerability [CWE-122] in the FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 7.4 (High) |
According to Fortinet, the vulnerability stems from a flaw in the CAPWAP Wireless Aggregate Controller Daemon (cw_acd). It was discovered internally by Fortinet’s Product Security Team.
Although no in-the-wild exploitation or public PoC has been observed yet, adversaries are likely to weaponize this FortiOS and FortiSwitchManager vulnerability to gain network access.
Affected Version:
| Product | Affected Version | Fixed Version |
|---|---|---|
| FortiOS 7.6 | 7.6.0 through 7.6.3 | 7.6.4 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.8 | 7.4.9 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.11 | 7.2.12 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.17 | 7.0.18 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.16 | 6.4.17 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.6 | 7.2.7 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.5 | 7.0.6 or above |
| FortiSASE 25.1.a | 25.1.a | Migrate to a fixed release |
Note: The following FortiSASE versions are unaffected: 22, 23.1, 23.2, 23.3, 24.4, 25.2.
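An added example (not part of the advisory and not Fortinet tooling): a small Python check that parses FortiOS-style version strings and compares them against the affected ranges in the table above. The inventory lines are constructed, and FortiSASE is left out because its versions are not numeric.

```python
"""Check FortiOS / FortiSwitchManager versions against the CVE-2025-25249 ranges."""
from typing import Optional, Tuple

# Affected ranges as published in the advisory: (product, train) -> (first, last, fixed).
AFFECTED = {
    ("FortiOS", (7, 6)): ((7, 6, 0), (7, 6, 3), "7.6.4"),
    ("FortiOS", (7, 4)): ((7, 4, 0), (7, 4, 8), "7.4.9"),
    ("FortiOS", (7, 2)): ((7, 2, 0), (7, 2, 11), "7.2.12"),
    ("FortiOS", (7, 0)): ((7, 0, 0), (7, 0, 17), "7.0.18"),
    ("FortiOS", (6, 4)): ((6, 4, 0), (6, 4, 16), "6.4.17"),
    ("FortiSwitchManager", (7, 2)): ((7, 2, 0), (7, 2, 6), "7.2.7"),
    ("FortiSwitchManager", (7, 0)): ((7, 0, 0), (7, 0, 5), "7.0.6"),
}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'v7.4.3', '7.4.3' or 'v7.4.3,build2573' into a comparable tuple."""
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))

def check(product: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed_version). Trains not listed in the advisory
    (e.g. FortiOS 6.2) are reported as not affected by it; verify those separately."""
    v = parse_version(version)
    entry = AFFECTED.get((product, v[:2]))
    if entry is None:
        return False, None
    first, last, fixed = entry
    return first <= v <= last, fixed

# Constructed inventory lines: "hostname,product,version" (not real hosts).
INVENTORY = """fw-edge-01,FortiOS,v7.4.3,build2573
fw-dc-02,FortiOS,7.6.4
fsm-lab,FortiSwitchManager,7.2.6
fw-old,FortiOS,6.2.15"""

def scan(inventory: str = INVENTORY):
    """Return [(host, affected, fixed_version)] for every inventory line."""
    results = []
    for line in inventory.splitlines():
        host, product, version = line.split(",", 2)
        affected, fixed = check(product, version)
        results.append((host, affected, fixed))
    return results

if __name__ == "__main__":
    for host, affected, fixed in scan():
        print(f"{host}: " + (f"AFFECTED, upgrade to {fixed}" if affected else "not in affected range"))
```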
Recommendation
To protect systems against attacks exploiting this vulnerability, Fortinet strongly recommends that customers upgrade to the latest fixed version of the affected Fortinet products. FortiOS runs on products such as FortiGate Next-Generation Firewalls, FortiGate VM, and FortiWiFi.
Workaround
If immediate patching is not an option, Fortinet recommends removing “fabric” access or disallowing access to the CAPWAP daemon. Steps to do so can be found on their advisory page.
