CVE-2025-47857 Information

Description

A improper neutralization of special elements used in an os command (‘os command injection’) vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-25-253

Related CNNVD

CNNVD-202508-1262 (Published: 2025-08-12)