Skip to main content

FortiOS FortiProxy EUVDEUVD-2025-210085

| CVE-2025-67862 MEDIUM
Internal Asset Exposed to Unsafe Debug Access Level or State (CWE-1244)
2026-06-09 fortinet GHSA-h6fm-ggmr-98gx
6.7
CVSS 3.1 · Vendor: fortinet
Share

Severity by source

Vendor (fortinet) PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (fortinet) · only source for this CVE.

CVSS VectorVendor: fortinet

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
CVSS changed
Jun 09, 2026 - 16:22 NVD
6.0 (MEDIUM) 6.7 (MEDIUM)
Analysis Generated
Jun 09, 2026 - 15:49 vuln.today
CVE Published
Jun 09, 2026 - 14:27 nvd
MEDIUM 6.0

DescriptionCVE.org

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

AnalysisAI

Fortinet FortiOS and FortiProxy expose an internal debug interface (CWE-1244) that allows authenticated administrators to execute arbitrary Lua scripts through crafted CLI commands, exceeding their intended administrative scope. The vulnerability spans broad version ranges of both products, including FortiOS 6.4 through 7.6.2 and FortiProxy 7.0 through 7.6.3. While exploitation requires existing high-privilege (admin) access - limiting opportunistic attack surface - the CVSS temporal vector (E:P) confirms a proof-of-concept exploit exists, and the official fix is available (RL:O). No public exploit identified at time of analysis beyond the proof-of-concept, and this vulnerability is not listed in CISA KEV.

Technical ContextAI

CWE-1244 ('Internal Asset Exposed to Unsafe Debug Access Level or State') describes a class of vulnerabilities where debug or test interfaces - typically intended only for development or factory use - remain accessible in production firmware, exposing capabilities beyond what the normal operational interface is supposed to permit. In FortiOS and FortiProxy, the Lua scripting engine (used internally for automation and testing) is reachable via specially crafted CLI commands by an administrator. This means an admin who should only have access to standard management operations can invoke a Lua interpreter at a privileged system level, effectively bypassing the intended capability boundary. Affected CPEs are cpe:2.3:a:fortinet:fortios and cpe:2.3:a:fortinet:fortiproxy across the version ranges specified. The CVSS local attack vector (AV:L) confirms this requires CLI or console-level access to the device, not a remote network path.

RemediationAI

Patch available per vendor advisory (official fix confirmed by RL:O CVSS temporal metric) - consult the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-143 for exact fixed versions for each affected FortiOS and FortiProxy branch, as specific patch version numbers were not provided in the available intelligence. As a compensating control where immediate patching is not feasible, restrict CLI and management console access to the minimum required administrator accounts using Fortinet's administrative access controls and trusted host restrictions. Enabling detailed CLI audit logging can help detect exploitation attempts. Disabling or removing unnecessary admin accounts reduces exposure to compromised credential scenarios. Note that these controls reduce risk but do not remediate the underlying debug interface exposure - patching remains the definitive fix.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2016-1909 CRITICAL POC
9.8 Jan 15

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0

CVE-2016-6909 CRITICAL POC
9.8 Aug 24

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9

CVE-2015-1880 MEDIUM POC
4.3 May 12

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote a

CVE-2025-24472 HIGH
8.1 Feb 11

FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/do

CVE-2024-48884 CRITICAL
9.1 Jan 14

Arbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traver

CVE-2022-40684 CRITICAL POC
9.8 Oct 18

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an

CVE-2024-21762 CRITICAL POC
9.8 Feb 09

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0

CVE-2023-25610 CRITICAL
9.8 Mar 24

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0

CVE-2017-3132 MEDIUM POC
6.1 Sep 12

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthor

CVE-2017-3133 MEDIUM POC
6.1 Sep 12

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthor

CVE-2017-3131 MEDIUM POC
5.4 Sep 12

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec

Share

EUVD-2025-210085 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy