CVE-2025-53949

Source
https://cve.org/CVERecord?id=CVE-2025-53949
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53949.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53949
Published
2025-12-09T18:15:53.640Z
Modified
2026-03-13T03:32:09.756238Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "4.0.0"
            },
            {
                "last_affected": "4.0.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.2.0"
            },
            {
                "last_affected": "4.2.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.4.0"
            },
            {
                "last_affected": "4.4.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.0.0"
            },
            {
                "last_affected": "5.0.2"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53949.json"