Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2025-53679

Vulnerability from fkie_nvd - Published: 2025-12-09 18:15 - Updated: 2025-12-09 20:26

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-25-454	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	_fortisandbox_paas	23.1
fortinet	_fortisandbox_paas	23.3
fortinet	_fortisandbox_paas	23.4
fortinet	_fortisandbox_paas	24.1
fortinet	fortisandbox	*
fortinet	fortisandbox	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:_fortisandbox_paas:23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "334F4714-8C2F-4D94-981E-01CCAFA33D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:_fortisandbox_paas:23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B844B255-B1B6-49B0-9439-9148D8883FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:_fortisandbox_paas:23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BAC445-4ADC-462E-A764-C95385B244E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:_fortisandbox_paas:24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE526B2D-8181-4E4D-B9C8-21589F6AA688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD5377C-8169-4A97-A7B3-799290CB6BF8",
              "versionEndIncluding": "4.4.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5335FAF-6569-44CE-8634-0991C738CCF9",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests."
    }
  ],
  "id": "CVE-2025-53679",
  "lastModified": "2025-12-09T20:26:08.307",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-09T18:15:53.477",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-454"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-53679 (GCVE-0-2025-53679)

Vulnerability from cvelistv5 – Published: 2025-12-09 17:19 – Updated: 2025-12-10 04:57

Summary

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

Severity ?

6.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C

CWE

CWE-78 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-454

Impacted products

Vendor

Product

Version

Fortinet

FortiSandbox Cloud

Affected: 24.1
Affected: 23.4
cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*

Fortinet

FortiSandbox

Affected: 5.0.0 , ≤ 5.0.2 (semver)
Affected: 4.4.0 , ≤ 4.4.7 (semver)
Affected: 4.2.0 , ≤ 4.2.8 (semver)
Affected: 4.0.0 , ≤ 4.0.6 (semver)
    cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-10T04:57:28.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox Cloud",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "24.1"
            },
            {
              "status": "affected",
              "version": "23.4"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.0.2",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.7",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.2.8",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:19:51.110Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-454",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-454"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSandbox version 5.0.3 or above\nUpgrade to FortiSandbox version 4.4.8 or above\nFortinet remediated this issue in FortiSandbox Cloud version 24.2 (not released) and hence customers do not need to perform any action."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-53679",
    "datePublished": "2025-12-09T17:19:51.110Z",
    "dateReserved": "2025-07-08T09:23:05.010Z",
    "dateUpdated": "2025-12-10T04:57:28.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53679 (GCVE-0-2025-53679)

Vulnerability from nvd – Published: 2025-12-09 17:19 – Updated: 2025-12-10 04:57

Summary

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

Severity ?

6.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C

CWE

CWE-78 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-454

Impacted products

Vendor

Product

Version

Fortinet

FortiSandbox Cloud

Affected: 24.1
Affected: 23.4
cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*

Fortinet

FortiSandbox

Affected: 5.0.0 , ≤ 5.0.2 (semver)
Affected: 4.4.0 , ≤ 4.4.7 (semver)
Affected: 4.2.0 , ≤ 4.2.8 (semver)
Affected: 4.0.0 , ≤ 4.0.6 (semver)
    cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-10T04:57:28.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox Cloud",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "24.1"
            },
            {
              "status": "affected",
              "version": "23.4"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.0.2",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.7",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.2.8",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:19:51.110Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-454",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-454"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSandbox version 5.0.3 or above\nUpgrade to FortiSandbox version 4.4.8 or above\nFortinet remediated this issue in FortiSandbox Cloud version 24.2 (not released) and hence customers do not need to perform any action."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-53679",
    "datePublished": "2025-12-09T17:19:51.110Z",
    "dateReserved": "2025-07-08T09:23:05.010Z",
    "dateUpdated": "2025-12-10T04:57:28.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Search criteria

3 vulnerabilities found for _fortisandbox_paas by fortinet

FKIE_CVE-2025-53679

CVE-2025-53679 (GCVE-0-2025-53679)

CVE-2025-53679 (GCVE-0-2025-53679)