FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands

FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands

Posted on By CWS

Fortinet disclosed a high-severity vulnerability in its FortiOS working system on October 14, 2025, that might allow native authenticated attackers to execute arbitrary system instructions.

Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified performance (CWE-684) within the CLI element, probably resulting in privilege escalation.

With a CVSS v3.1 rating of seven.8 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), it poses vital dangers to enterprise networks counting on Fortinet’s firewalls and safety home equipment.

FortiOS CLI Command Bypass Vulnerability

The difficulty arises when a neighborhood attacker with excessive privileges crafts malicious CLI instructions, bypassing supposed restrictions to run unauthorized system-level operations.

This might end in full management over the machine, knowledge exfiltration, or additional community compromise. No distant exploitation is feasible, however the low assault complexity and excessive impression make it a primary goal for insiders or compromised accounts.

Francois Ropert from Fortinet’s PSIRT group found the flaw. Affected platforms embrace high-end fashions just like the 100E/101E collection as much as the 7000F, whereas others stay untouched.

Organizations ought to confirm their setups instantly, as exploitation requires solely native entry and no person interplay.

Fortinet urges upgrades to patched releases. The next desk outlines impacted variations and fixes:

FortiOS VersionAffected BuildsRecommended Solution7.67.6.0Upgrade to 7.6.1 or above7.47.4.0 by way of 7.4.5Upgrade to 7.4.6 or above7.27.2.0 by way of 7.2.10Upgrade to 7.2.11 or above7.07.0.0 by way of 7.0.15Upgrade to 7.0.16 or above6.4All versionsMigrate to a set launch

Use Fortinet’s improve path software for seamless transitions. No indicators of compromise (IoCs) or proof-of-concept exploits have been launched, however monitoring CLI logs for anomalies is suggested.

This incident, beneath FG-IR-24-361, underscores the necessity for least-privilege entry in CLI administration.

Comply with us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

GhostBat RAT Android Malware With Fake RTO Apps Steals Targeting Indian Users to Steal Banking Data GhostBat RAT Android Malware With Fake RTO Apps Steals Targeting Indian Users to Steal Banking Data Cyber Security News
Global Mobile Networks Exploited by Hackers via SS7 and Diameter Global Mobile Networks Exploited by Hackers via SS7 and Diameter Cyber Security News
Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks Cyber Security News
Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell Cyber Security News
Critical Flaw in Cisco IMC Software Exposes Systems Critical Flaw in Cisco IMC Software Exposes Systems Cyber Security News
13-Year-Old Dylan – Youngest Security Researcher Collaborates with Microsoft Security Response Center 13-Year-Old Dylan – Youngest Security Researcher Collaborates with Microsoft Security Response Center Cyber Security News