CVE-2025-31104 Information

Description

An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1 7.4.0 through 7.4.6 7.2.0 through 7.2.7 7.1.0 through 7.1.4 7.0 all versions 6.2 all versions 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-25-099