PT-2025-41966

An Unchecked Return Value vulnerability CWE-252 in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request...

CVE-2025-32766

A stack-based buffer overflow vulnerability CWE-121 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands...

CVE-2025-47857

A improper neutralization of special elements used in an os command 'os command injection' vulnerability CWE-78 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands...

CVE-2025-47857

A improper neutralization of special elements used in an os command 'os command injection' vulnerability CWE-78 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands...

CVE-2025-47857

A improper neutralization of special elements used in an os command 'os command injection' vulnerability CWE-78 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands...

CVE-2025-32766

The CVE-2025-32766 issue affects Fortinet FortiWeb CLI. A stack-based buffer overflow (CWE-121) in FortiWeb CLI versions 7.6.0–7.6.3 and pre-7.4.8 enables a privileged attacker to run arbitrary code or commands via crafted CLI input. Impact is limited to devices running affected FortiWeb CLI wher...

PT-2025-32881 · Fortinet · Fortiweb Cli

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb CLI versions 7.6.0 through 7.6.3 Fortinet FortiWeb CLI versions prior to 7.4.8 Description: A flaw exists in the improper neutralization of special elements used in an operating system command, specifically an OS command...