CVE Catalog

CVE-2025-53680

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.56%

43th percentile - higher than 43% of all known CVEs

Summary

An OS Command Injection vulnerability in Fortinet FortiAP allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Risk Assessment

An attacker could take control of the FortiAP device, potentially leading to network integrity compromise, data leakage, or further attacks on the infrastructure.

Recommendation

Immediately update FortiAP to a patched version and restrict CLI access to trusted administrators only.

Original NVD description (English source)

An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS