CVE-2025-67862
MediumCVSS 6.7Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability in Fortinet FortiOS and FortiProxy allows an authenticated admin to execute lua scripts via crafted CLI commands. This affects multiple versions of FortiOS and FortiProxy.
Risk Assessment
This vulnerability may lead to unauthorized access to the system and potential execution of malicious code, posing a serious security threat to the organization.
Recommendation
It is recommended to update to the latest versions of FortiOS and FortiProxy that mitigate this vulnerability and to review and restrict access to the CLI interface.
Original NVD description (English source)
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

