Vulnerability Details CVE-2025-53679
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2025-53679
-
cpe:2.3:a:fortinet:_fortisandbox_paas:23.1
-
cpe:2.3:a:fortinet:_fortisandbox_paas:23.3
-
cpe:2.3:a:fortinet:_fortisandbox_paas:23.4
-
cpe:2.3:a:fortinet:_fortisandbox_paas:24.1
-
cpe:2.3:a:fortinet:fortisandbox:-
-
cpe:2.3:a:fortinet:fortisandbox:1.2.0
-
cpe:2.3:a:fortinet:fortisandbox:1.2.3
-
cpe:2.3:a:fortinet:fortisandbox:1.3.0
-
cpe:2.3:a:fortinet:fortisandbox:1.4.0
-
cpe:2.3:a:fortinet:fortisandbox:1.4.1
-
cpe:2.3:a:fortinet:fortisandbox:1.4.2
-
cpe:2.3:a:fortinet:fortisandbox:2.0.0
-
cpe:2.3:a:fortinet:fortisandbox:2.0.2
-
cpe:2.3:a:fortinet:fortisandbox:2.0.3
-
cpe:2.3:a:fortinet:fortisandbox:2.1.0
-
cpe:2.3:a:fortinet:fortisandbox:2.1.1
-
cpe:2.3:a:fortinet:fortisandbox:2.1.2
-
cpe:2.3:a:fortinet:fortisandbox:2.1.3
-
cpe:2.3:a:fortinet:fortisandbox:2.2.0
-
cpe:2.3:a:fortinet:fortisandbox:2.2.1
-
cpe:2.3:a:fortinet:fortisandbox:2.2.2
-
cpe:2.3:a:fortinet:fortisandbox:2.3.0
-
cpe:2.3:a:fortinet:fortisandbox:2.3.2
-
cpe:2.3:a:fortinet:fortisandbox:2.3.3
-
cpe:2.3:a:fortinet:fortisandbox:2.4.0
-
cpe:2.3:a:fortinet:fortisandbox:2.4.1
-
cpe:2.3:a:fortinet:fortisandbox:2.5.0
-
cpe:2.3:a:fortinet:fortisandbox:2.5.1
-
cpe:2.3:a:fortinet:fortisandbox:2.5.2
-
cpe:2.3:a:fortinet:fortisandbox:3.0.0
-
cpe:2.3:a:fortinet:fortisandbox:3.0.1
-
cpe:2.3:a:fortinet:fortisandbox:3.0.2
-
cpe:2.3:a:fortinet:fortisandbox:3.0.3
-
cpe:2.3:a:fortinet:fortisandbox:3.0.4
-
cpe:2.3:a:fortinet:fortisandbox:3.0.5
-
cpe:2.3:a:fortinet:fortisandbox:3.0.6
-
cpe:2.3:a:fortinet:fortisandbox:3.0.7
-
cpe:2.3:a:fortinet:fortisandbox:3.1.0
-
cpe:2.3:a:fortinet:fortisandbox:3.1.1
-
cpe:2.3:a:fortinet:fortisandbox:3.1.2
-
cpe:2.3:a:fortinet:fortisandbox:3.1.3
-
cpe:2.3:a:fortinet:fortisandbox:3.1.4
-
cpe:2.3:a:fortinet:fortisandbox:3.1.5
-
cpe:2.3:a:fortinet:fortisandbox:3.2.0
-
cpe:2.3:a:fortinet:fortisandbox:3.2.1
-
cpe:2.3:a:fortinet:fortisandbox:3.2.2
-
cpe:2.3:a:fortinet:fortisandbox:3.2.3
-
cpe:2.3:a:fortinet:fortisandbox:3.2.4
-
cpe:2.3:a:fortinet:fortisandbox:4.0.0
-
cpe:2.3:a:fortinet:fortisandbox:4.0.1
-
cpe:2.3:a:fortinet:fortisandbox:4.0.2
-
cpe:2.3:a:fortinet:fortisandbox:4.0.3
-
cpe:2.3:a:fortinet:fortisandbox:4.0.4
-
cpe:2.3:a:fortinet:fortisandbox:4.0.5
-
cpe:2.3:a:fortinet:fortisandbox:4.0.6
-
cpe:2.3:a:fortinet:fortisandbox:4.1.0
-
cpe:2.3:a:fortinet:fortisandbox:4.2.0
-
cpe:2.3:a:fortinet:fortisandbox:4.2.1
-
cpe:2.3:a:fortinet:fortisandbox:4.2.2
-
cpe:2.3:a:fortinet:fortisandbox:4.2.3
-
cpe:2.3:a:fortinet:fortisandbox:4.2.4
-
cpe:2.3:a:fortinet:fortisandbox:4.2.5
-
cpe:2.3:a:fortinet:fortisandbox:4.2.6
-
cpe:2.3:a:fortinet:fortisandbox:4.2.7
-
cpe:2.3:a:fortinet:fortisandbox:4.2.8
-
cpe:2.3:a:fortinet:fortisandbox:4.4.0
-
cpe:2.3:a:fortinet:fortisandbox:4.4.1
-
cpe:2.3:a:fortinet:fortisandbox:4.4.2
-
cpe:2.3:a:fortinet:fortisandbox:4.4.3
-
cpe:2.3:a:fortinet:fortisandbox:4.4.4
-
cpe:2.3:a:fortinet:fortisandbox:4.4.5
-
cpe:2.3:a:fortinet:fortisandbox:4.4.6
-
cpe:2.3:a:fortinet:fortisandbox:4.4.7
-
cpe:2.3:a:fortinet:fortisandbox:5.0.0
-
cpe:2.3:a:fortinet:fortisandbox:5.0.1
-
cpe:2.3:a:fortinet:fortisandbox:5.0.2