CNNVD-202512-1275 Information

Dec 09, 2025 cve

CNNVD ID

CNNVD-202512-1275

CVE-2025-53949

  • CNNVD Published: 2025-12-09

Description (Chinese)

Fortinet FortiSandbox是美国飞塔(Fortinet)公司的一款APT(高级持续性威胁)防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。 Fortinet FortiSandbox 5.0.0版本至5.0.2版本、4.4.0版本至4.4.7版本、4.2所有版本和4.0所有版本存在操作系统命令注入漏洞,该漏洞源于HTTP请求中和不当,可能导致执行任意代码。

Description (English)

Fortinet FortiSandbox is an APT (Advanced Continuing Threat) protection unit of Fortinet. The equipment provides dual sandbox technology, dynamic threat intelligence systems, real-time control panels and reporting. Fortinet FortiSandbox 5.0.0 to 5.0.2, 4.4.0 to 4.4.7, 4.2 and 4.0 had an operational system command-injecting loophole, which originated in the HTTP request inappropriately and could lead to the enforcement of arbitrary codes.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

飞塔

Published

2025-12-09

Last Modified

2026-02-24

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-479

Patch

https://fortiguard.fortinet.com/psirt/FG-IR-25-479

Share on: