Fortinet disclosed a significant security flaw in its FortiOS operating system, identified as CVE-2025-24477. This heap-based buffer overflow vulnerability, classified under CWE-122, affects the cw_stad daemon and could enable an authenticated attacker to execute arbitrary code or commands through specially crafted requests.

With a CVSSv3 score of 4.0, the vulnerability is rated as medium severity, yet its potential impact, escalation of privilege, poses a serious risk to affected systems.