CVE-2025-53680
published 2026-05-12CVE-2025-53680: An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiap | >= 6.4.0 < 7.4.6 | 7.4.6 |
| fortinet | fortiap | 6.4.3 – 6.4.9 | — |
| fortinet | fortiap | 7.0.0 – 7.0.7 | — |
| fortinet | fortiap | 7.2.0 – 7.2.6 | — |
| fortinet | fortiap | 7.4.0 – 7.4.5 | — |
| fortinet | fortiap | >= 7.6.0 < 7.6.3 | 7.6.3 |
| fortinet | fortiap | 7.6.0 – 7.6.2 | — |
| fortinet | fortiap-u | 6.2.0 – 6.2.6 | — |
| fortinet | fortiap-u | >= 7.0.0 < 7.0.6 | 7.0.6 |
| fortinet | fortiap-u | 7.0.0 – 7.0.5 | — |
| fortinet | fortiap-w2 | 7.0.0 – 7.0.8 | — |
| fortinet | fortiap-w2 | >= 7.2.0 < 7.4.5 | 7.4.5 |
| fortinet | fortiap-w2 | 7.2.0 – 7.2.5 | — |
| fortinet | fortiap-w2 | 7.4.0 – 7.4.4 | — |