PT-2025-32881 · Fortinet · Fortiweb Cli

CVE-2025-47857

·

Published

2025-08-12

·

Updated

2025-08-15

CVSS v3.1

6.7

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb CLI versions 7.6.0 through 7.6.3 Fortinet FortiWeb CLI versions prior to 7.4.8
Description: A flaw exists in the improper neutralization of special elements used in an operating system command, specifically an OS command injection (CWE-78). This allows a privileged attacker to execute arbitrary code or commands through crafted command-line interface (CLI) commands.
Recommendations: Fortinet FortiWeb CLI versions 7.6.0 through 7.6.3 should be updated. Fortinet FortiWeb CLI versions prior to 7.4.8 should be updated.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-47857

Affected Products

Fortiweb Cli