An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-25-099 |
![]() ![]() |
History
Tue, 22 Jul 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* |
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Tue, 10 Jun 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Jun 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests. | |
First Time appeared |
Fortinet
Fortinet fortiadc |
|
Weaknesses | CWE-78 | |
CPEs | cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* |
|
Vendors & Products |
Fortinet
Fortinet fortiadc |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: fortinet
Published: 2025-06-10T16:36:13.131Z
Updated: 2025-06-11T04:01:45.873Z
Reserved: 2025-03-26T14:23:51.630Z
Link: CVE-2025-31104

Updated: 2025-06-10T18:33:59.349Z

Status : Analyzed
Published: 2025-06-10T17:21:22.873
Modified: 2025-07-22T17:06:49.670
Link: CVE-2025-31104

No data.