cbcvebase.
CVE-2025-31104
published 2025-06-10

CVE-2025-31104: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0…

high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.

Affected

15 ranges
VendorProductVersion rangeFixed in
fortinetfortiadc
fortinetfortiadc>= 6.1.0 < 7.1.57.1.5
fortinetfortiadc6.1.0 – 6.1.6
fortinetfortiadc6.2.0 – 6.2.6
fortinetfortiadc7.0.0 – 7.0.6
fortinetfortiadc7.1.0 – 7.1.4
fortinetfortiadc>= 7.2.0 < 7.2.87.2.8
fortinetfortiadc7.2.0 – 7.2.7
fortinetfortiadc>= 7.4.0 < 7.4.77.4.7
fortinetfortiadc7.4.0 – 7.4.6
fortinetfortiadc>= 7.6.0 < 7.6.27.6.2
fortinetfortiadc7.6.0 – 7.6.1
msrcazl3_mozjs_102.15.1-1_on_azure_linux_3.0
msrcazl3_rust_1.75.0-14_on_azure_linux_3.0
msrcazl3_rust_1.86.0-1_on_azure_linux_3.0