Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-64157

6.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 1 week ago

A use of externally-controlled format string vulnerability in Fortinet FortiOS …

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-795

Affected products

FortiOS

=<7.0.19
=<7.2.11
=<7.6.4
=<7.4.9

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.24.0
- nixos-unstable-small 1.24.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python314Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable -
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>