CNNVD-202510-1958 Information
CNNVD ID
CNNVD-202510-1958
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS存在安全漏洞,该漏洞源于功能提供不正确,可能导致本地认证攻击者通过特制CLI命令执行系统命令。以下版本受到影响:7.6.0版本、7.4.0版本至7.4.5版本、7.2.5版本至7.2.10版本、7.0.0版本至7.0.15版本和6.4所有版本。
Description (English)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform of the United States of America. The system provides a wide range of security features for users, including firewalls, anti-virus, IPSEc/SSLVPN, Web content filters and anti-spam. Fortinet FortiOS has a security loophole, which stems from the incorrect provision of functionality, which may lead to the local authentication of the attackers to execute the system order through a specially designed CLI order. The following versions were affected: 7.6.0, 7.4.0, 7.2.5, 7.2.10, 7.0.0 to 7.0.15 and all 6.4.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
飞塔
Published
2025-10-14
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-361 https://access.redhat.com/security/cve/cve-2025-58325 https://vigilance.fr/vulnerability/FortiOS-privilege-escalation-via-Provision-Specified-Functionality-48569
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-24-361
Share on: