6.7
CVE-2025-67862
- EPSS 0.14%
- Veröffentlicht 09.06.2026 14:27:50
- Zuletzt bearbeitet 11.06.2026 21:31:31
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ FortiProxy Version >= 7.0.0 <= 7.0.23
Fortinet ≫ FortiProxy Version >= 7.2.0 < 7.2.15
Fortinet ≫ FortiProxy Version >= 7.4.0 < 7.4.11
Fortinet ≫ FortiProxy Version >= 7.6.0 < 7.6.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.04 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State
The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://fortiguard.fortinet.com/psirt/FG-IR-26-143