CVE-2025-58325

MEDIUM EPSS 19.9%

Published Oct 14, 20258mo ago · Modified Jun 17, 20261w ago

6.7 CVSS 3.1

Medium

Published Oct 14, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.

CVSS Details

Base Score

6.7

Exploitability

0.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

19.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-684

Affected Products 4

Vendor	Product	Version	Range
fortinet	fortios	*	≥6.4.0 – <7.0.16
fortinet	fortios	*	≥7.2.0 – <7.2.11
fortinet	fortios	*	≥7.4.0 – <7.4.6
fortinet	fortios	7.6.0	any

References 1

fortiguard.fortinet.com https://fortiguard.fortinet.com/psirt/FG-IR-24-361

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.