CVE-2025-67862

MEDIUM

Fortinet FortiOS - Internal Asset Exposed to Unsafe Debug Access Level or State

Title source: rule
STIX 2.1

Description

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

References (1)

Core 1

Scores

CVSS v3 6.7
EPSS 0.0014
EPSS Percentile 4.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1244
Status published
Products (11)
Fortinet/FortiOS 6.4.0 - 6.4.16
fortinet/fortios 6.4.0 - 6.4.16
Fortinet/FortiOS 7.0.0 - 7.0.16
Fortinet/FortiOS 7.2.0 - 7.2.10
Fortinet/FortiOS 7.4.0 - 7.4.6
Fortinet/FortiOS 7.6.0 - 7.6.1
Fortinet/FortiProxy 7.0.0 - 7.0.23
fortinet/fortiproxy 7.0.0 - 7.0.23
Fortinet/FortiProxy 7.2.0 - 7.2.14
Fortinet/FortiProxy 7.4.0 - 7.4.10
... and 1 more
Published Jun 09, 2026
Tracked Since Jun 09, 2026