Incorrect Provision of Specified Functionality

CVE-2025-58325

High

8.2/10

Summary

An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-684 - Incorrect Provision of Specified Functionality

The code does not function according to its published specifications, potentially leading to incorrect usage.

References

Advisory Timeline

Published Oct 14, 2025

Incorrect Provision of Specified Functionality

CVE-2025-58325

Summary

CWE-684 - Incorrect Provision of Specified Functionality

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS