CVE-2026-25689

CWE-884 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 80.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortideceptor
Timeline
PublishedMar 10

Description

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delet

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5fortinet/fortideceptor6.0.06.0.3+9
NVDfortinet/fortideceptor4.0.06.0.3+1

🔴Vulnerability Details

2
GHSA
GHSA-g4q6-2jp5-77j8: An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 62026-03-10
CVEList
CVE-2026-25689: An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 62026-03-10

📋Vendor Advisories

1
Fortinet
Arbitrary file deletion in administrative interface2026-03-10
CVE-2026-25689 (MEDIUM CVSS 6.5) | An improper neutralization of argum | cvebase.io