ID

VAR-202510-1123


CVE

CVE-2025-47856


DESCRIPTION

Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allow a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests.

Trust: 1.0

sources: NVD: CVE-2025-47856

AFFECTED PRODUCTS

vendor: fortinet
model: fortivoice
scope: gte
version: 6.4.0

Trust: 1.0

vendor: fortinet
model: fortivoice
scope: lt
version: 7.0.7

Trust: 1.0

vendor: fortinet
model: fortivoice
scope: lt
version: 6.4.11

Trust: 1.0

vendor: fortinet
model: fortivoice
scope: gte
version: 7.0.0

Trust: 1.0

vendor: fortinet
model: fortivoice
scope: eq
version: 7.2.0

Trust: 1.0

sources: NVD: CVE-2025-47856

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-47856
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2025-47856
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-47856

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

sources: NVD: CVE-2025-47856

EXTERNAL IDS

db: NVD
id: CVE-2025-47856

Trust: 1.0

sources: NVD: CVE-2025-47856

REFERENCES

url: https://fortiguard.fortinet.com/psirt/fg-ir-25-250

Trust: 1.0

sources: NVD: CVE-2025-47856

SOURCES

db: NVD
id: CVE-2025-47856

LAST UPDATE DATE

2025-10-16T23:44:36.140000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2025-47856
date: 2025-10-16T13:10:32.550

SOURCES RELEASE DATE

db: NVD
id: CVE-2025-47856
date: 2025-10-14T14:15:49.927