Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-64157
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 1 week ago
  • @LeSuisse removed
    4 packages
    • terraform-providers.fortios
    • python312Packages.fortiosapi
    • python313Packages.fortiosapi
    • python314Packages.fortiosapi
    1 month, 1 week ago
  • @LeSuisse dismissed 1 month, 1 week ago
A use of externally-controlled format string vulnerability in Fortinet FortiOS …

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

References

Affected products

FortiOS
  • =<7.6.4
  • =<7.0.19
  • =<7.2.11
  • =<7.4.9 
Not present in nixpkgs