CVE-2025-49813

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 66.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiadc

Timeline

PublishedAug 12

Description

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortiadc7.1.0 — 7.1.2+2

▶CVEListV5fortinet/fortiadc7.1.0 — 7.1.1+2

🔴Vulnerability Details

CVEList

CVE-2025-49813: An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7↗2025-08-12

▶

GHSA

GHSA-3x2q-7fcg-xmg5: An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7↗2025-08-12

▶

📋Vendor Advisories

Fortinet

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in...↗2025-08-12

▶