Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
AnalysisAI
FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.
Technical ContextAI
This vulnerability is an OS Command Injection flaw (CWE-78: Improper Neutralization of Special Elements used in an OS Command) in Fortinet's FortiADC application delivery controller. The affected component likely processes user-supplied input from HTTP requests that is subsequently passed to OS-level command execution functions without proper sanitization or parameterization. The vulnerability exists across the network security appliance's input validation layer, affecting the HTTP request processing pipeline. CWE-78 typically occurs when applications construct system commands using unsanitized user input, allowing attackers to inject shell metacharacters or command separators. The affected CPE scope includes FortiADC 6.1, 6.2, 7.0, 7.1.0-7.1.4, 7.2.0-7.2.7, 7.4.0-7.4.6, and 7.6.0-7.6.1, indicating the vulnerability has persisted across multiple major and minor versions.
RemediationAI
Patching: Upgrade FortiADC to patched versions. Based on typical Fortinet release patterns, users should upgrade to: FortiADC 7.6.2 or later (for 7.6.x branch), 7.4.7 or later (for 7.4.x branch), 7.2.8 or later (for 7.2.x branch), 7.1.5 or later (for 7.1.x branch), or current versions of 7.0 with security patches. FortiADC 6.x versions have reached end-of-life and should be replaced entirely.; priority: Critical Access Control: Restrict administrative access to FortiADC management interfaces. Implement network segmentation to limit which hosts can access management endpoints. Disable unnecessary administrative accounts and enforce MFA/2FA for administrative access.; priority: High Monitoring: Enable detailed logging of administrative actions and HTTP requests to the FortiADC management interface. Monitor logs for unusual command patterns, shell metacharacters in requests, or administrative activity from unexpected sources.; priority: High Workaround: Until patches can be applied, implement firewall rules to restrict HTTP/HTTPS access to FortiADC management interfaces to trusted administrative IP ranges only.; priority: Medium
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all version
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.
An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions,
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiA
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] i
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0
Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 thr
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiAD
A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to d
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC ve
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17797