CVE-2025-31104

Summary

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.6.0 <= 7.6.1affected
FortinetFortiADC7.4.0 <= 7.4.6affected
FortinetFortiADC7.2.0 <= 7.2.7affected
FortinetFortiADC7.1.0 <= 7.1.4affected
FortinetFortiADC7.0.0 <= 7.0.6affected
FortinetFortiADC6.2.0 <= 6.2.6affected
FortinetFortiADC6.1.0 <= 6.1.6affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References