CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Analysis (AI)
OS command injection in Fortinet FortiAP, FortiAP-U, and FortiAP-W2 allows an authenticated, privileged attacker to execute arbitrary code via maliciously crafted CLI requests. Affected versions span FortiAP 6.4 through 7.6.2, FortiAP-U 6.2 through 7.0.5, and FortiAP-W2 7.0 through 7.4.4. Exploitation requires high-privilege administrative access and local CLI interaction, so exposure is limited to malicious insiders holding administrative credentials and to attackers who have already compromised a management interface. The CVSS score of 6.1 reflects the high impact (code execution with full system privileges), constrained by the authentication and local-access requirements.
Technical Context (AI)
This is a classic OS command injection vulnerability (CWE-78) in the CLI (command-line interface) subsystem of Fortinet's wireless access point platform. The vulnerability stems from improper neutralization of special shell metacharacters (such as pipe, semicolon, backtick, or command substitution operators) when processing CLI arguments. Affected products include FortiAP (unified campus/branch APs), FortiAP-U (cloud-managed unified APs), and FortiAP-W2 (WiFi 6 APs). The injection occurs when crafted CLI requests are parsed without adequate input validation or escaping before being passed to underlying shell execution functions. This allows an authenticated privileged user to break out of the intended command context and inject arbitrary shell commands that execute with the privileges of the FortiAP system service.
Remediation (AI)
Fortinet has released patched versions; consult FG-IR-26-131 at https://fortiguard.fortinet.com/psirt/FG-IR-26-131 for exact fixed versions for each product line (FortiAP, FortiAP-U, FortiAP-W2). Upgrade immediately to the patched firmware version recommended for your model. As an interim compensating control, restrict CLI access to trusted administrators only and implement network segmentation to limit who can reach the management interface (SSH/telnet). Disable remote CLI access if not operationally required and enforce multi-factor authentication on all administrative accounts. Audit CLI command history and activity logs for signs of injected commands (unusual shell metacharacters or multi-statement commands). Monitor for unexpected process execution or outbound connections initiated from the FortiAP device. These controls reduce exposure but do not eliminate risk; patching is the definitive remediation.
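One way to implement the CLI audit suggested above, as an added example that is not part of this record or of any Fortinet tooling: a small Python scanner that flags CLI audit entries containing shell statement separators, command substitution, redirection, or encoded newlines. The log line format (LOG_LINE) and the sample entries are constructed for this example; the page does not show FortiAP's real audit-log schema, so the pattern must be adapted to the actual format before use.

```python
import re
from typing import Dict, List

# Constructed audit-log format, an assumption for this example only:
#   '<date> <time> user="<name>" cmd="<raw cli line>"'
LOG_LINE = re.compile(r'^(?P<ts>\S+ \S+) user="(?P<user>[^"]*)" cmd="(?P<cmd>.*)"$')

# Shell metacharacter classes that indicate an attempt to break out of the
# intended CLI argument into a second shell statement (CWE-78 pattern).
INDICATORS: Dict[str, re.Pattern] = {
    "statement_separator": re.compile(r"[;&|]"),            # cmd; cmd, cmd && cmd, cmd | cmd
    "command_substitution": re.compile(r"`[^`]*`|\$\([^)]*\)"),  # `cmd` or $(cmd)
    "redirection": re.compile(r"[<>]"),                     # > file, < file
    "encoded_newline": re.compile(r"%0a|%0d|\\n|\\r", re.IGNORECASE),  # smuggled line breaks
}


def classify(cmd: str) -> List[str]:
    """Return the names of every indicator class present in one CLI command."""
    return [name for name, pat in INDICATORS.items() if pat.search(cmd)]


def scan_audit_log(lines: List[str]) -> List[dict]:
    """Parse audit-log lines and return only the entries that deserve analyst review."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            # A malformed or truncated record is reported too: damage to the
            # audit trail itself can be a sign of tampering.
            findings.append({"ts": None, "user": None, "cmd": line, "indicators": ["unparseable"]})
            continue
        hits = classify(m["cmd"])
        if hits:
            findings.append({"ts": m["ts"], "user": m["user"], "cmd": m["cmd"], "indicators": hits})
    return findings


# Constructed sample entries (not real FortiAP output): two benign, three suspicious.
SAMPLE_LOG = [
    '2025-01-01 10:00:01 user="admin" cmd="get system status"',
    '2025-01-01 10:00:07 user="admin" cmd="execute ping 192.0.2.10; id"',
    '2025-01-01 10:00:12 user="wifiops" cmd="execute ping $(uname -a)"',
    '2025-01-01 10:00:20 user="admin" cmd="diagnose sys top 5"',
    '2025-01-01 10:00:25 user="admin" cmd="execute ping `id` > /tmp/out"',
]

if __name__ == "__main__":
    for f in scan_audit_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']}: {f['indicators']} -> {f['cmd']}")
```

Feed the scanner exported CLI history for each administrative account; any hit is worth correlating with the process-execution and outbound-connection monitoring recommended above.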
Related Identifiers
EUVD-2025-209800
GHSA-82qf-px4x-x2w7