An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 (all versions) and earlier, and in FortiProxy versions 7.2.0 through 7.2.2 and before 7.0.8, allows a VDOM privileged attacker to silently add SSH key files on the system via crafted CLI requests.
2025-06-10T17:17:51.383
2025-07-24T19:57:52.683
Analyzed
CVSSv3.1: 3.2 (LOW)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | fortinet | fortiproxy | < 7.0.9 | Yes |
Application | fortinet | fortiproxy | < 7.2.3 | Yes |
Operating System | fortinet | fortios | ≤ 7.2.11 | Yes |