{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-039.pdf"
    },
    "title": "High Severity Vulnerability in FortiOS",
    "serial_number": "2025-039",
    "publish_date": "15-10-2025 18:41:33",
    "description": "On October 14, 2025, Fortinet released a security advisory addressing a high severity vulnerability in its FortiOS product.<br>\nIt is recommended to update affected products.<br>\n",
    "url_title": "2025-039",
    "content_markdown": "---\ntitle: 'High Severity Vulnerability in\u00a0FortiOS'\nnumber: '2025-039'\nversion: '1.0'\noriginal_date: '2025-10-14'\ndate: '2025-10-15'\n---\n\n_History:_\n\n* _15/10/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn October 14, 2025, Fortinet released a security advisory addressing a high severity vulnerability in its FortiOS product [1].\n\nIt is recommended to update affected products.\n\n# Technical Details\n\nThe vulnerability **CVE-2025-58325**, with a CVSS score of 7.8, is an Incorrect Provision of Specified Functionality flaw that may allow a local authenticated attacker to execute system commands via crafted CLI commands.\n\n# Affected Products\n\nThe following product versions are affected:\n\n- FortiOS 6.4\n- FortiOS 7.0.0 through 7.0.15\n- FortiOS 7.2.0 through 7.2.10\n- FortiOS 7.4.0 through 7.4.5\n- FortiOS 7.6.0\n\nThe following platforms are affected:\n\n100E/101E, 100F/101F, 1100E/1101E, 1800F/1801F, 2200E/2201E, 2600F/2601F, 3300E/3301E, 3400E/3401E, 3500F/3501F, 3600E/3601E, 3800D, 3960E, 3980E, 4200F/4201F, 4400F/4401F, 5001E, 6000F, 7000E, and 7000F\n\n_Other models are not affected by this vulnerability._\n\n# Recommendations\n\nIt is recommended to update affected products.\n\n# References\n\n[1] <https://fortiguard.fortinet.com/psirt/FG-IR-24-361>",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/10/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 14, 2025, Fortinet released a security advisory addressing a high severity vulnerability in its FortiOS product [1].</p><p>It is recommended to update affected products.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-58325</strong>, with a CVSS score of 7.8, is an Incorrect Provision of Specified Functionality flaw that may allow a local authenticated attacker to execute system commands via crafted CLI commands.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected:</p><ul><li>FortiOS 6.4</li><li>FortiOS 7.0.0 through 7.0.15</li><li>FortiOS 7.2.0 through 7.2.10</li><li>FortiOS 7.4.0 through 7.4.5</li><li>FortiOS 7.6.0</li></ul><p>The following platforms are affected:</p><p>100E/101E, 100F/101F, 1100E/1101E, 1800F/1801F, 2200E/2201E, 2600F/2601F, 3300E/3301E, 3400E/3401E, 3500F/3501F, 3600E/3601E, 3800D, 3960E, 3980E, 4200F/4201F, 4400F/4401F, 5001E, 6000F, 7000E, and 7000F</p><p><em>Other models are not affected by this vulnerability.</em></p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to update affected products.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://fortiguard.fortinet.com/psirt/FG-IR-24-361\">https://fortiguard.fortinet.com/psirt/FG-IR-24-361</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}