CVE-2025-27759

Summary

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.6.0 <= 7.6.3affected
FortinetFortiWeb7.4.0 <= 7.4.7affected
FortinetFortiWeb7.2.0 <= 7.2.10affected
FortinetFortiWeb7.0.0 <= 7.0.10affected

Weaknesses

  • CWE-78: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References