Heap-based buffer overflow in cw_stad daemon Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-25-026 Final 1 1 2025-07-08T00:00:00 Current version 2025-07-08T00:00:00 2025-11-03T00:00:00 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS cw_stad daemon may allow an authenticated attacker to execute arbitrary code or commands via specifically crafted requests. None Escalation of privilege None Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. FortiOS 7.6.2 FortiOS 7.6.1 FortiOS 7.6.0 FortiOS 7.4.7 FortiOS 7.4.6 FortiOS 7.4.5 FortiOS 7.4.4 FortiOS 7.4.3 FortiOS 7.4.2 FortiOS 7.4.1 FortiOS 7.4.0 FortiOS 7.2.12 FortiOS 7.2.11 FortiOS 7.2.10 FortiOS 7.2.9 FortiOS 7.2.8 FortiOS 7.2.7 FortiOS 7.2.6 FortiOS 7.2.5 FortiOS 7.2.4 CVE-2025-24477 FortiOS-7.6.2 FortiOS-7.6.1 FortiOS-7.6.0 FortiOS-7.4.7 FortiOS-7.4.6 FortiOS-7.4.5 FortiOS-7.4.4 FortiOS-7.4.3 FortiOS-7.4.2 FortiOS-7.4.1 FortiOS-7.4.0 FortiOS-7.2.12 FortiOS-7.2.11 FortiOS-7.2.10 FortiOS-7.2.9 FortiOS-7.2.8 FortiOS-7.2.7 FortiOS-7.2.6 FortiOS-7.2.5 FortiOS-7.2.4 4.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-25-026 Heap-based buffer overflow in cw_stad daemon Reference>