VDB

GCVE-110-NCSC-2025-372

GCVE-110-NCSC-2025-372
Advisory PublishedCVSS 7.2/10
Vulnetix · Advisory published November 19, 2025
Fortinet FortiWeb versions 8.0.0 to 8.0.1, 7.6.0 to 7.6.5, 7.4.0 to 7.4.10, 7.2.0 to 7.2.11, and 7.0.0 to 7.0.11 are vulnerable to OS Command Injection, allowing authenticated attackers to execute unauthorized code.

Weaknesses (CWE)

CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Risk Scores

CVSS 3.1
7.2/10
High · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Fortinetvers:unknown/*

References

advisory
advisory
advisory
exploit

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›