CVE-2025-31104

CWE-78OS Command InjectionCWE-6825 documents5 sources
Severity
7.2HIGH
EPSS
0.5%
top 36.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiadc
Timeline
PublishedJun 10

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiadc6.1.07.1.5+3
CVEListV5fortinet/fortiadc7.6.07.6.1+6

🔴Vulnerability Details

2
CVEList
CVE-2025-31104: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 72025-06-10
GHSA
GHSA-qr4w-3pf4-j7r3: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 72025-06-10

📋Vendor Advisories

2
Fortinet
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in...2025-06-10
Microsoft
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime2022-06-14
CVE-2025-31104 (HIGH CVSS 7.2) | An Improper Neutralization of Speci | cvebase.io