Published on March 11, 2026
Fortinet FortiManager fgtupdates Flaw Enables Attackers to Execute Malicious Commands Remotely
Severity
High
Fortinet has released a security advisory regarding a high-severity vulnerability affecting FortiManager.
The vulnerability, tracked as CVE-2025-54820, has a CVSS score of 7.0 and may allow remote, unauthenticated attackers to execute unauthorized commands on affected systems.
| CVE ID | Description | CVSS Score |
| --- | --- | --- |
| CVE-2025-54820 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, and FortiManager 6.4 (all versions) may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms. | 7.0 |
The vulnerability resides in the fgtupdates service, which is responsible for handling update-related operations within the FortiManager platform.
When the fgtupdates service is enabled, an attacker could exploit the vulnerability by sending specially crafted network requests to the targeted device. Successful exploitation may result in arbitrary code execution or the execution of unauthorized commands on the underlying system.
As FortiManager is designed to centrally manage multiple Fortinet security devices, compromise of this platform could potentially impact the broader security infrastructure of an organization.
Fortinet also noted that the attack requires bypassing built-in stack protection mechanisms. Additionally, the vulnerability is only exploitable when the fgtupdates service is enabled. If the service is disabled, the attack vector is effectively removed.
Affected Products
The vulnerability affects several older release branches of FortiManager. Administrators should review their deployments to determine whether the following versions are in use:
- FortiManager 7.4: versions 7.4.0 through 7.4.2
- FortiManager 7.2: versions 7.2.0 through 7.2.10
- FortiManager 6.4: all versions
Fortinet confirmed that FortiManager 7.6 is not affected by this vulnerability.
Additionally, FortiManager Cloud deployments are not exposed to this issue and do not require any remediation.
Recommendation
Fortinet recommends that organizations upgrade their FortiManager systems to a patched version to prevent potential remote exploitation.
The recommended upgrade paths are as follows:
- Users on the 7.4 branch should upgrade to version 7.4.3 or later.
- Users on the 7.2 branch should upgrade to version 7.2.11 or later.
- Users running version 6.4 must migrate to a supported and fixed release branch.
The vulnerability was identified and responsibly disclosed by catalpa from Dbappsecurity Co., Ltd.
For organizations that cannot immediately apply the update, Fortinet has provided a temporary mitigation method. Administrators can reduce the risk by disabling the fgtupdates service through the FortiManager command line interface.
To apply the workaround, administrators can refer to the official Fortinet PSIRT advisory for detailed instructions.
Disabling the fgtupdates service prevents the vulnerable component from being exposed to the network, thereby reducing the risk of exploitation until the appropriate firmware update can be applied.
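To turn the affected-version and upgrade-path lists above into a repeatable inventory check, here is an added Python example (not part of the advisory or of any Fortinet tooling). It encodes only the ranges stated on this page; the host names and version strings in the sample inventory are constructed.

```python
# Added example: triage FortiManager version strings against the affected
# ranges published for CVE-2025-54820 (fgtupdates stack-based overflow).
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, keyed by (major, minor) branch:
# (first_affected, last_affected); last_affected=None means the whole branch.
AFFECTED: Dict[Tuple[int, int], Tuple[Version, Optional[Version]]] = {
    (7, 4): ((7, 4, 0), (7, 4, 2)),
    (7, 2): ((7, 2, 0), (7, 2, 10)),
    (6, 4): ((6, 4, 0), None),
}
# Fixed release per branch; 6.4 has none and must migrate to a fixed branch.
FIXED = {(7, 4): "7.4.3", (7, 2): "7.2.11"}


def parse_version(text: str) -> Version:
    """Parse forms such as '7.4.2', 'v7.4.2 build2571' or '6.4' into a tuple."""
    token = text.strip().lower().lstrip("v").split()[0]
    parts = token.split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiManager version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def assess(version: str) -> Tuple[bool, str]:
    """Return (affected, recommendation) for one FortiManager version string."""
    v = parse_version(version)
    rng = AFFECTED.get((v[0], v[1]))
    if rng is None:  # e.g. 7.6.x, which the advisory lists as not affected
        return False, "not listed as affected"
    low, high = rng
    if v < low or (high is not None and v > high):  # e.g. 7.4.3 or 7.2.11
        return False, "not listed as affected"
    fix = FIXED.get((v[0], v[1]))
    if fix is None:
        return True, "no fixed release on this branch; migrate to a fixed branch"
    return True, f"upgrade to {fix} or later (interim: disable fgtupdates)"


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[Optional[bool], str]]:
    """Assess every {host: version} entry; unparseable entries get (None, reason)."""
    report: Dict[str, Tuple[Optional[bool], str]] = {}
    for host, ver in inventory.items():
        try:
            report[host] = assess(ver)
        except ValueError as exc:
            report[host] = (None, str(exc))
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"fmg-hq": "v7.4.2 build2571", "fmg-dr": "7.2.11", "fmg-lab": "6.4.14"}
    for host, (affected, note) in triage(sample).items():
        print(f"{host}: affected={affected} -> {note}")
```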
Source
https://gbhackers.com/fortinet-fortimanager-fgtupdates-flaw/
https://fortiguard.fortinet.com/psirt/FG-IR-26-098
