CNNVD-202512-1224 Information

Dec 09, 2025 cve

CNNVD ID

CNNVD-202512-1224

CVE-2025-53679

  • CNNVD Published: 2025-12-09

Description (Chinese)

Fortinet FortiSandbox是美国飞塔(Fortinet)公司的一款APT(高级持续性威胁)防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。 Fortinet FortiSandbox 5.0.0版本至5.0.2版本和4.4.7之前版本存在操作系统命令注入漏洞,该漏洞源于HTTP或HTTPS请求中和不当,可能导致远程命令执行。

Description (English)

Fortinet FortiSandbox is an APT (Advanced Continuing Threat) protection unit of Fortinet. The equipment provides dual sandbox technology, dynamic threat intelligence systems, real-time control panels and reporting. Fortinet FortiSandbox 5.0.0 to 5.0.2 and previous versions 4.4.7 had a gap in the operating system commands, which originated in an inappropriate HTTP or HTTPS request and could lead to remote command execution.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

飞塔

Published

2025-12-09

Last Modified

2026-02-24

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-454

Patch

https://fortiguard.fortinet.com/psirt/FG-IR-25-454

Share on: