CVE-2023-45584

A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

Published: Aug 12, 2025
Updated: Aug 15, 2025
CVE: CVE-2023-45584
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-415

Affected Software
References

Software	From	Fixed in
fortinet / fortios	7.4.0	7.4.0.x
fortinet / fortios	7.2.0	7.2.6
fortinet / fortios	6.4.0	7.0.13
fortinet / fortipam	1.0.0	1.1.2.x
fortinet / fortiproxy	7.2.0	7.2.8
fortinet / fortiproxy	7.0.0	7.0.14
fortinet / fortiproxy	7.4.0	7.4.2

https://fortiguard.fortinet.com/psirt/FG-IR-23-209

Vulnerability Database

CVE-2023-45584