6.7

CVE-2025-67862

Medienbericht
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiOS Version >= 6.4.0 <= 6.4.16
FortinetFortiOS Version >= 7.0.0 <= 7.0.16
FortinetFortiOS Version >= 7.2.0 < 7.2.11
FortinetFortiOS Version >= 7.4.0 < 7.4.8
FortinetFortiOS Version >= 7.6.0 < 7.6.3
FortinetFortiProxy Version >= 7.0.0 <= 7.0.23
FortinetFortiProxy Version >= 7.2.0 < 7.2.15
FortinetFortiProxy Version >= 7.4.0 < 7.4.11
FortinetFortiProxy Version >= 7.6.0 < 7.6.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.04
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@fortinet.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.06.2026 10:13
https://fortiguard.fortinet.com/psirt/FG-IR-26-143
Vendor Advisory