CVE-2025-47856
published 2025-10-14CVE-2025-47856: Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoice version 7.2.0…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allows a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | >= 6.4.0 < 6.4.11 | 6.4.11 |
| fortinet | fortivoice | 6.4.0 – 6.4.10 | — |
| fortinet | fortivoice | >= 7.0.0 < 7.0.7 | 7.0.7 |
| fortinet | fortivoice | 7.0.0 – 7.0.6 | — |