PT-2026-24236 · Fortinet · Fortiweb

Published: 2026-03-10 · Updated: 2026-03-17 · CVE-2025-66178

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Fortinet FortiWeb versions 8.0.0 through 8.0.1
Fortinet FortiWeb versions 7.6.0 through 7.6.5
Fortinet FortiWeb versions 7.4.0 through 7.4.11
Fortinet FortiWeb versions 7.2.0 through 7.2.12
Fortinet FortiWeb versions 7.0.0 through 7.0.12

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability exists in the affected FortiWeb versions. This issue may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request.

Recommendations

Fortinet FortiWeb versions 8.0.0 through 8.0.1 should be updated.
Fortinet FortiWeb versions 7.6.0 through 7.6.5 should be updated.
Fortinet FortiWeb versions 7.4.0 through 7.4.11 should be updated.
Fortinet FortiWeb versions 7.2.0 through 7.2.12 should be updated.
Fortinet FortiWeb versions 7.0.0 through 7.0.12 should be updated.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-03205
CVE-2025-66178

Affected Products

Fortiweb