CVE Catalog

CVE-2025-67862

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability in Fortinet FortiOS and FortiProxy allows an authenticated admin to execute lua scripts via crafted CLI commands. This affects multiple versions of FortiOS and FortiProxy.

Risk Assessment

This vulnerability may lead to unauthorized access to the system and potential execution of malicious code, posing a serious security threat to the organization.

Recommendation

It is recommended to update to the latest versions of FortiOS and FortiProxy that mitigate this vulnerability and to review and restrict access to the CLI interface.

Original NVD description (English source)

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS