CVE-2025-48839

{"id": "CVE-2025-48839", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2025-11-18T17:16:02.610", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests."}], "lastModified": "2025-11-20T14:37:57.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E77DAF02-DADB-4F22-817B-39059388C7FC", "versionEndExcluding": "7.4.8", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B70F7B79-80C8-4DD1-A310-86E4EEC373EC", "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE5091E7-982E-451B-B782-4C9669421558"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}