Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
|
Fortinet
Subscribe
|
Configuration 1 [-]
|
No data.
No data.
No advisories yet.
Solution
Upgrade to FortiSandbox version 5.0.3 or above Upgrade to FortiSandbox version 4.4.8 or above Fortinet remediated this issue in FortiSandbox Cloud version 24.2 (not released) and hence customers do not need to perform any action.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-25-454 |
|
Tue, 09 Dec 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 09 Dec 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Fortinet Fortisandbox Paas
|
|
| CPEs | cpe:2.3:a:fortinet:_fortisandbox_paas:23.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:_fortisandbox_paas:23.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:_fortisandbox_paas:23.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:_fortisandbox_paas:24.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet Fortisandbox Paas
|
Tue, 09 Dec 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | |
| First Time appeared |
Fortinet
Fortinet fortisandbox Fortinet fortisandboxcloud |
|
| Weaknesses | CWE-78 | |
| CPEs | cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet
Fortinet fortisandbox Fortinet fortisandboxcloud |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published:
Updated: 2025-12-10T04:57:28.315Z
Reserved: 2025-07-08T09:23:05.010Z
Link: CVE-2025-53679
Vulnrichment
Updated: 2025-12-09T20:19:44.000Z
NVD
Status : Undergoing Analysis
Published: 2025-12-09T18:15:53.477
Modified: 2025-12-09T20:26:08.307
Link: CVE-2025-53679
Redhat
No data.
OpenCVE Enrichment
No data.