CVE-2025-67862 PUBLISHED

Assigner: fortinet
Reserved: 12.12.2025 Published: 09.06.2026 Updated: 09.06.2026

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS Score: 6

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Fortinet
Product	FortiOS
Versions	Default: unaffected affected from 7.6.0 to 7.6.1 (incl.) affected from 7.4.0 to 7.4.6 (incl.) affected from 7.2.0 to 7.2.10 (incl.) affected from 7.0.0 to 7.0.16 (incl.) affected from 6.4.0 to 6.4.16 (incl.)

Vendor	Fortinet
Product	FortiProxy
Versions	Default: unaffected affected from 7.6.0 to 7.6.3 (incl.) affected from 7.4.0 to 7.4.10 (incl.) affected from 7.2.0 to 7.2.14 (incl.) affected from 7.0.0 to 7.0.23 (incl.)

Solutions

Upgrade to FortiOS version 7.6.3 or above Upgrade to FortiOS version 7.4.8 or above Upgrade to FortiOS version 7.2.11 or above Upgrade to FortiOS version 7.0.17 or above Upgrade to FortiProxy version 7.6.4 or above Upgrade to FortiProxy version 7.4.11 or above Upgrade to FortiProxy version 7.2.15 or above

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-143

Problem Types

Execute unauthorized code or commands CWE