CVE-2025-67862

Published: Jun 9, 2026Modified: Jun 11, 2026

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: psirt@fortinet.com (Secondary)

Description

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

Affected (9)

Products: Fortinet: Fortios, Fortiproxy

Fortinet

2 products

Fortios

Fortiproxy

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.4.0 to 6.4.16
Fortinet Fortios	From 7.0.0 to 7.0.16
Fortinet Fortios	From 7.2.0 to 7.2.11
Fortinet Fortios	From 7.4.0 to 7.4.8
Fortinet Fortios	From 7.6.0 to 7.6.3

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiproxy	From 7.0.0 to 7.0.23
Fortinet Fortiproxy	From 7.2.0 to 7.2.15
Fortinet Fortiproxy	From 7.4.0 to 7.4.11
Fortinet Fortiproxy	From 7.6.0 to 7.6.4

Related CWEs

CWE-1244

Internal Asset Exposed to Unsafe Debug Access Level or State

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-26-143

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.