8.2
CVE-2025-58325
- EPSS 0.28%
- Veröffentlicht 14.10.2025 15:22:39
- Zuletzt bearbeitet 14.10.2025 20:22:50
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.197 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 8.2 | 1.5 | 6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-684 Incorrect Provision of Specified Functionality
The code does not function according to its published specifications, potentially leading to incorrect usage.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://fortiguard.fortinet.com/psirt/FG-IR-24-361