CVE-2025-58903
LowCVSS 2.7Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
CVE-2025-58903 in Fortinet FortiOS versions 7.6.0 through 7.6.3 and before 7.4.8 has an Unchecked Return Value vulnerability that allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specially crafted request.
Risk Assessment
The organization may experience service outages related to http, which could impact operations and user trust.
Recommendation
It is recommended to update FortiOS to the latest version to mitigate this vulnerability and to monitor logs for potential exploitation attempts.
Original NVD description (English source)
An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request.

