Vulnerability Monitor


CVE-2025-53679


An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the GUI of Fortinet FortiSandbox versions 5.0.0 through 5.0.2 and versions before 4.4.7 allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.


Published: 2025-12-09T18:15:53.477

Last Modified: 2025-12-09T20:26:08.307

Status: Undergoing Analysis

Source: [email protected]

Severity: CVSSv3.1: 7.2 (HIGH)

Weaknesses
  • Type: Primary
    CWE-78

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | _fortisandbox_paas | 23.1 | Yes |
| Application | fortinet | _fortisandbox_paas | 23.3 | Yes |
| Application | fortinet | _fortisandbox_paas | 23.4 | Yes |
| Application | fortinet | _fortisandbox_paas | 24.1 | Yes |
| Application | fortinet | fortisandbox | ≤ 4.4.7 | Yes |
| Application | fortinet | fortisandbox | ≤ 5.0.2 | Yes |
