CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-49813

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.3%

CVSS Severity

CVSS v3 Score 7.2

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-501

Products affected by CVE-2025-49813

Fortinet » Fortiadc » Version: 6.2.0

cpe:2.3:a:fortinet:fortiadc:6.2.0
Fortinet » Fortiadc » Version: 6.2.1

cpe:2.3:a:fortinet:fortiadc:6.2.1
Fortinet » Fortiadc » Version: 6.2.2

cpe:2.3:a:fortinet:fortiadc:6.2.2
Fortinet » Fortiadc » Version: 6.2.3

cpe:2.3:a:fortinet:fortiadc:6.2.3
Fortinet » Fortiadc » Version: 6.2.4

cpe:2.3:a:fortinet:fortiadc:6.2.4
Fortinet » Fortiadc » Version: 6.2.5

cpe:2.3:a:fortinet:fortiadc:6.2.5
Fortinet » Fortiadc » Version: 6.2.6

cpe:2.3:a:fortinet:fortiadc:6.2.6
Fortinet » Fortiadc » Version: 7.1.0

cpe:2.3:a:fortinet:fortiadc:7.1.0
Fortinet » Fortiadc » Version: 7.1.1

cpe:2.3:a:fortinet:fortiadc:7.1.1
Fortinet » Fortiadc » Version: 7.2.0

cpe:2.3:a:fortinet:fortiadc:7.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-49813

Products

Pricing

Contact Us