ID
VAR-202512-1753
CVE
CVE-2025-53679
DESCRIPTION
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
Trust: 1.0
sources:
NVD: CVE-2025-53679
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortisandbox cloud | scope: | lt | version: | 23.4.4374 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 4.0.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | eq | version: | 24.1.4436 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | gte | version: | 23.1.4245 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 5.0.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | lt | version: | 5.0.3 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | lt | version: | 4.4.8 | Trust: 1.0 |
sources:
NVD: CVE-2025-53679
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2025-53679
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.0 |
sources:
NVD: CVE-2025-53679
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-53679 | Trust: 1.0 |
sources:
NVD: CVE-2025-53679
REFERENCES
| url: | https://fortiguard.fortinet.com/psirt/fg-ir-25-454 | Trust: 1.0 |
sources:
NVD: CVE-2025-53679
SOURCES
| db: | NVD | id: | CVE-2025-53679 |
LAST UPDATE DATE
2026-02-06T23:47:45.191000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2025-53679 | date: | 2026-02-05T16:58:45.770 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2025-53679 | date: | 2025-12-09T18:15:53.477 |