CVE-2025-53870_CVE-2025-53870

6.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.

Basic Information

ID CVE-2025-53870

Source fortinet

Published May 12, 2026 at 16:54

Affected Product

Vendor Fortinet

Product FortiAP

Version 7.6.0

Affected Versions Fortinet FortiAP 7.6.0
Fortinet FortiAP 7.4.0
Fortinet FortiAP 7.2.0
Fortinet FortiAP 7.0.0
Fortinet FortiAP 6.4.3
Fortinet FortiAP-W2 7.4.0
Fortinet FortiAP-W2 7.2.0
Fortinet FortiAP-W2 7.0.0

CWE Classification

CWE-78

References

fortiguard.fortinet.com /psirt/FG-IR-26-133

{
    "lastseen": "",
    "description": "An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow  an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.",
    "published": "2026-05-12T16:54:32.010Z",
    "modified": "2026-05-12T16:54:32.010Z",
    "type": "cve",
    "title": "CVE-2025-53870",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-26-133",
    "id": "CVE-2025-53870",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiAP 7.6.0\nFortinet FortiAP 7.4.0\nFortinet FortiAP 7.2.0\nFortinet FortiAP 7.0.0\nFortinet FortiAP 6.4.3\nFortinet FortiAP-W2 7.4.0\nFortinet FortiAP-W2 7.2.0\nFortinet FortiAP-W2 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiAP",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}