CVE-2025-31104

EUVD-2025-17797 | Severity: HIGH 7.2 (CVSS 3.1) | Published: 2025-06-10

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd) - EUVD-2025-17797
CVE Published: Jun 10, 2025 - 17:21 (nvd)

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.

Analysis

FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.

Technical Context

This vulnerability is an OS Command Injection flaw (CWE-78: Improper Neutralization of Special Elements used in an OS Command) in Fortinet's FortiADC application delivery controller. The affected component likely processes user-supplied input from HTTP requests that is subsequently passed to OS-level command execution functions without proper sanitization or parameterization. The flaw sits in the appliance's input validation layer, within the HTTP request processing pipeline. CWE-78 typically occurs when applications construct system commands using unsanitized user input, allowing attackers to inject shell metacharacters or command separators. The affected CPE scope includes FortiADC 6.1, 6.2, 7.0, 7.1.0-7.1.4, 7.2.0-7.2.7, 7.4.0-7.4.6, and 7.6.0-7.6.1, indicating the vulnerability has persisted across multiple major and minor versions.

Affected Products

FortiADC:
- 6.1 (all versions)
- 6.2 (all versions)
- 7.0 (all versions)
- 7.1.0 through 7.1.4
- 7.2.0 through 7.2.7
- 7.4.0 through 7.4.6
- 7.6.0 through 7.6.1

Remediation

Patching (priority: Critical): Upgrade FortiADC to patched versions. Based on typical Fortinet release patterns, users should upgrade to: FortiADC 7.6.2 or later (for the 7.6.x branch), 7.4.7 or later (for the 7.4.x branch), 7.2.8 or later (for the 7.2.x branch), 7.1.5 or later (for the 7.1.x branch), or current versions of 7.0 with security patches. FortiADC 6.x versions have reached end-of-life and should be replaced entirely.

Access Control (priority: High): Restrict administrative access to FortiADC management interfaces. Implement network segmentation to limit which hosts can access management endpoints. Disable unnecessary administrative accounts and enforce MFA/2FA for administrative access.

Monitoring (priority: High): Enable detailed logging of administrative actions and HTTP requests to the FortiADC management interface. Monitor logs for unusual command patterns, shell metacharacters in requests, or administrative activity from unexpected sources.

Workaround (priority: Medium): Until patches can be applied, implement firewall rules to restrict HTTP/HTTPS access to FortiADC management interfaces to trusted administrative IP ranges only.
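As an added illustration of the Monitoring item above (not code from vuln.today or Fortinet), the following Python scans constructed management-interface request lines for the two signals that item names: shell metacharacters in request parameters (checked after percent-decoding, so encoded separators are not missed) and administrative requests from outside a trusted range. The log layout, the /api/admin/ path prefix and the 10.0.5.0/24 admin range are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines: "src_ip method path status". The layout and the
# /api/admin/ prefix are assumptions for this example, not FortiADC's real schema.
SAMPLE_LOG = """\
10.0.5.10 POST /api/admin/config?name=web1 200
10.0.5.10 POST /api/admin/config?name=web1%3Bid 200
203.0.113.7 GET /api/admin/status 200
10.0.5.22 GET /api/admin/users?name=bob|ls 200
203.0.113.7 GET /login 200
"""
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]  # assumed admin range
ADMIN_PREFIX = "/api/admin/"
SHELL_META = re.compile(r"[;|&`$<>\n]")  # separators/metacharacters with no admin use
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

def parse_line(line):
    """Return (src_ip, path) for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    return (ipaddress.ip_address(m.group(1)), m.group(3)) if m else None

def metachar_values(path):
    """Decoded path segment and query values that contain shell metacharacters.
    Decoding first is what catches encoded forms such as %3B for ';'."""
    parts = urlsplit(path)
    values = [unquote(parts.path)]
    values += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return [v for v in values if SHELL_META.search(v)]

def findings(line):
    """Findings for one line; only management-interface requests are examined."""
    rec = parse_line(line)
    if rec is None or not rec[1].startswith(ADMIN_PREFIX):
        return []
    src, path = rec
    out = []
    if not any(src in net for net in TRUSTED_ADMIN_NETS):
        out.append("admin request from untrusted source")
    if metachar_values(path):
        out.append("shell metacharacter in request")
    return out

def scan(log_text):
    """Map 1-based line number -> findings, for lines that raised any."""
    return {n: hits for n, line in enumerate(log_text.splitlines(), 1)
            if (hits := findings(line))}
```

Running `scan(SAMPLE_LOG)` flags lines 2 and 4 for metacharacters and line 3 for an untrusted source; the `/login` request from the same untrusted address is ignored because it never reaches the management prefix.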

Priority Score

36
KEV: 0
EPSS: +0.1
CVSS: +36
POC: 0


CVE-2025-31104 vulnerability details – vuln.today
