Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiExtender | unaffected |
|
Configuration 1 [-]
| AND |
|
No data.
No data available yet.
Vendor Solution
Upgrade to FortiExtender version 7.6.4 or above Upgrade to FortiExtender version 7.4.8 or above
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-25-739 |
|
Tue, 09 Dec 2025 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Fortinet fortiextender Firmware
|
|
| CPEs | cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet fortiextender Firmware
|
Tue, 09 Dec 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 09 Dec 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request. | |
| First Time appeared |
Fortinet
Fortinet fortiextender |
|
| Weaknesses | CWE-78 | |
| CPEs | cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiextender:7.6.3:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet
Fortinet fortiextender |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published:
Updated: 2026-01-14T09:17:27.371Z
Reserved: 2025-10-28T12:26:50.749Z
Link: CVE-2025-64153
Vulnrichment
Updated: 2025-12-09T20:21:19.163Z
NVD
Status : Analyzed
Published: 2025-12-09T18:16:04.910
Modified: 2025-12-09T21:25:28.153
Link: CVE-2025-64153
Redhat
No data.
OpenCVE Enrichment
No data.