cvelistv5 - cve-2026-25836

CVE-2026-25836 (GCVE-0-2026-25836)

Vulnerability from cvelistv5

Published

2026-03-10 16:44

Modified

2026-05-12 16:54

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE

CWE-78 - Execute unauthorized code or commands

Summary

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.

References

URL

CERTFR-2026-AVI-0265

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

Concernant la vulnérabilité CVE-2025-66178, l'éditeur fournit certaines recommandations dans l'attente de la version correctrice.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientLinux versions 7.4.x antérieures à 7.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.6.x antérieures à 7.6.1
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.2.13
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.6.5
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.6.5
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet	FortiDeceptor	FortiDeceptor toutes versions antérieures à 6.2.1
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.6.5
Fortinet	FortiSOAR	FortiSOAR Agent Communication Bridge versions antérieures à 1.1.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.7
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSIEM	FortiSIEM versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.5
Fortinet	FortiWeb	FortiWeb versions 8.0.x antérieures à 8.0.4
Fortinet	FortiRecorder	FortiRecorder toutes versions antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.5
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiSwitch	FortiSwitchAXFixed versions 1.0.x antérieures à 1.0.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.6.5
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-26-078	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-096	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-098	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-080	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-088	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-094	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-092	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-090	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-081	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-095	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-093	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-083	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-087	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-079	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-086	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-077	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-082	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-097	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-085	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-091	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-089	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-084	2026-03-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientLinux versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor toutes versions ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR Agent Communication Bridge versions ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder toutes versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchAXFixed versions 1.0.x ant\u00e9rieures \u00e0 1.0.2",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-30897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-30897"
    },
    {
      "name": "CVE-2025-53608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53608"
    },
    {
      "name": "CVE-2026-24017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24017"
    },
    {
      "name": "CVE-2025-68648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68648"
    },
    {
      "name": "CVE-2026-24640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24640"
    },
    {
      "name": "CVE-2026-22572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22572"
    },
    {
      "name": "CVE-2025-48418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48418"
    },
    {
      "name": "CVE-2025-48840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48840"
    },
    {
      "name": "CVE-2026-24641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24641"
    },
    {
      "name": "CVE-2026-22627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22627"
    },
    {
      "name": "CVE-2025-55717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55717"
    },
    {
      "name": "CVE-2026-24018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24018"
    },
    {
      "name": "CVE-2025-54820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54820"
    },
    {
      "name": "CVE-2025-49784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49784"
    },
    {
      "name": "CVE-2026-22629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22629"
    },
    {
      "name": "CVE-2025-66178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66178"
    },
    {
      "name": "CVE-2026-25689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25689"
    },
    {
      "name": "CVE-2026-25972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25972"
    },
    {
      "name": "CVE-2025-54659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54659"
    },
    {
      "name": "CVE-2025-68482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68482"
    },
    {
      "name": "CVE-2026-22628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22628"
    },
    {
      "name": "CVE-2026-25836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25836"
    }
  ],
  "initial_release_date": "2026-03-11T00:00:00",
  "last_revision_date": "2026-03-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nConcernant la vuln\u00e9rabilit\u00e9 CVE-2025-66178, l\u0027\u00e9diteur fournit certaines recommandations dans l\u0027attente de la version correctrice.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-078"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-096",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-096"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-098",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-098"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-080",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-080"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-088",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-088"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-094"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-092",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-092"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-090",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-090"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-081",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-081"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-095",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-095"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-093",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-093"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-083",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-083"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-087",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-087"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-079",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-079"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-086"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-077",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-077"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-082",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-082"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-097"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-085",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-085"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-091"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-089",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-089"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-084",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-084"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted