AI description
CVE-2025-58325 is a vulnerability in Fortinet's FortiOS that stems from an "Incorrect Provision of Specified Functionality". This flaw, classified as CWE-684, resides in the CLI command processing logic. The vulnerability allows a local, authenticated attacker to execute system commands by crafting specific CLI commands that bypass intended restrictions. The vulnerability exists because certain hidden or undocumented CLI command options are not properly restricted. An attacker with valid CLI access can exploit this by issuing specially crafted commands, leading to privilege escalation and potential full system compromise. Exploitation requires local access and no user interaction. The affected platforms include high-end FortiGate models such as the 100E/101E series up to the 7000F.
- Description
- An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortios
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- psirt@fortinet.com
- CWE-684
- Hype score
- Not currently trending
CVE-2025-58325 An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all v… https://t.co/KIncEze1Xs
@CVEnew
16 Oct 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Un error en FortiOS permite a usuarios locales ejecutar comandos como root Fortinet reveló una vulnerabilidad de severidad alta (CVE-2025-58325) en su sistema operativo FortiOS. Afecta a múltiples modelos de firewalls y appliances. Y permite a un atacante local con
@CycuraMX
16 Oct 2025
15354 Impressions
56 Retweets
143 Likes
50 Bookmarks
2 Replies
3 Quotes
FortiOS: Bypass de restricciones CLI permite ejecutar comandos del sistema (CVE-2025-58325) Más información: https://t.co/gXb9N1HRgk https://t.co/V2jDgaJO3u
@CSIRT_Telconet
16 Oct 2025
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortiOS CLI Bypass Lets Attackers Run Arbitrary Commands Fortinet disclosed CVE-2025-58325, a FortiOS vulnerability allowing admins to bypass CLI restrictions and execute unauthorized commands. Discovered by Fortinet PSIRT, the flaw poses significant security risks. Published ht
@Secwiserapp
15 Oct 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinetは、同社のファイアウォール製品などで使用されるFortiOSオペレーティングシステムに、ローカルで認証された攻撃者が任意のシステムコマンドを実行できる重大な脆弱性(CVE-2025-58325)を公表した。
@yousukezan
14 Oct 2025
2988 Impressions
4 Retweets
16 Likes
3 Bookmarks
0 Replies
0 Quotes
FortiOS CVE-2025-58325: CLI Command Bypass A new flaw in FortiOS lets attackers bypass CLI command restrictions. Privilege escalation is possible until patched. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #NetworkSecurity https://t.co/qk2Md8Qjxt
@ZeroPathLabs
14 Oct 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
**CVE-2025-58325** pertains to an **Incorrect Provision of Specified Functionality** vulnerability, classified under **CWE-684**. This flaw exists in various versions of **FortiOS**, a widely used network security operating system, and allows an **authenticated local attacker**
@CveTodo
14 Oct 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA0532A5-31F2-4A92-BF31-6003E28AC948",
"versionEndExcluding": "7.0.16",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4386465B-EFF9-41BA-B393-82135A2591DE",
"versionEndExcluding": "7.2.11",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "199954FD-1280-46F8-8515-7591CE75A1E5",
"versionEndExcluding": "7.4.6",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44CE8EE3-D64A-49C8-87D7-C18B302F864A"
}
],
"operator": "OR"
}
]
}
]