PT-2025-50113 · Fortinet · FortiSandbox
Published: 2025-12-09 · Updated: 2026-02-05 · CVE-2025-53679
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSandbox versions 5.0.0 through 5.0.2
Fortinet FortiSandbox versions prior to 4.4.7
Description
Fortinet FortiSandbox contains an OS command injection flaw (CWE-78): special elements used in an OS command are not properly neutralized. A remote privileged attacker can exploit it by sending specially crafted HTTP or HTTPS requests, which allows execution of unauthorized code or commands.
Recommendations
Update FortiSandbox to a version after 5.0.2.
Update FortiSandbox to version 4.4.7 or later.
Fix
OS Command Injection
Affected Products
FortiSandbox