CVE-2025-67862
MEDIUMFortinet FortiOS - Internal Asset Exposed to Unsafe Debug Access Level or State
Title source: ruleDescription
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
References (1)
Core 1
Core References
Scores
CVSS v3
6.7
EPSS
0.0014
EPSS Percentile
4.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1244
Status
published
Products (11)
Fortinet/FortiOS
6.4.0 - 6.4.16
fortinet/fortios
6.4.0 - 6.4.16
Fortinet/FortiOS
7.0.0 - 7.0.16
Fortinet/FortiOS
7.2.0 - 7.2.10
Fortinet/FortiOS
7.4.0 - 7.4.6
Fortinet/FortiOS
7.6.0 - 7.6.1
Fortinet/FortiProxy
7.0.0 - 7.0.23
fortinet/fortiproxy
7.0.0 - 7.0.23
Fortinet/FortiProxy
7.2.0 - 7.2.14
Fortinet/FortiProxy
7.4.0 - 7.4.10
... and 1 more
Published
Jun 09, 2026
Tracked Since
Jun 09, 2026