Vulnerability Details CVE-2025-47857
A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.3%
CVSS Severity
CVSS v3 Score 6.7
Products affected by CVE-2025-47857
-
cpe:2.3:a:fortinet:fortiweb:7.4.1
-
cpe:2.3:a:fortinet:fortiweb:7.4.2
-
cpe:2.3:a:fortinet:fortiweb:7.4.3
-
cpe:2.3:a:fortinet:fortiweb:7.4.4
-
cpe:2.3:a:fortinet:fortiweb:7.4.5
-
cpe:2.3:a:fortinet:fortiweb:7.4.6
-
cpe:2.3:a:fortinet:fortiweb:7.4.7
-
cpe:2.3:a:fortinet:fortiweb:7.4.8
-
cpe:2.3:a:fortinet:fortiweb:7.6.0
-
cpe:2.3:a:fortinet:fortiweb:7.6.1
-
cpe:2.3:a:fortinet:fortiweb:7.6.2
-
cpe:2.3:a:fortinet:fortiweb:7.6.3