CVE-2023-37930

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 through 6.4.14 and Fortinet FortiProxy SSL VPN webmode version 7.2.0 through 7.2.6 and version 7.0.0 through 7.0.12 allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests.

Published: Apr 8, 2025
Updated: Jul 24, 2025
CVE: CVE-2023-37930
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
fortinet / fortios	7.4.0	7.4.0.x
fortinet / fortios	6.4.7	6.4.15
fortinet / fortios	7.0.1	7.0.13
fortinet / fortios	7.2.0	7.2.6
fortinet / fortiproxy	7.0.0	7.0.13
fortinet / fortiproxy	7.2.0	7.2.7

https://fortiguard.com/psirt/FG-IR-23-165

Vulnerability Database

CVE-2023-37930