CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Restricted CLI escape using Lua

unknownCVE-2025-67862
CVSSv3 Score: 6.0 An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] in FortiOS and FortiProxy may allow an authenticated admin to execute lua scripts via crafted CLI commands. Revised on 2026-06-09 00:00:00

CSIRTS triage

What
An authenticated admin can execute Lua scripts via crafted CLI commands.
Who is affected
Authenticated administrators of FortiOS and FortiProxy.
Urgency
Remediation is necessary due to the potential for unauthorized script execution.
Action
Restrict CLI access or apply patches when available.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch FortiOS and FortiProxy

Get an email when a new FortiOS and FortiProxy advisory drops — max one per day, one-click unsubscribe.

Details

Source
Fortinet FortiGuard PSIRT (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-06-09
Exploitation
Not in CISA KEV at last sync

Original advisory: https://fortiguard.fortinet.com/psirt/FG-IR-26-143

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2025-67862coverage & exploitation statusNVD · CVE.org

More from Fortinet FortiGuard PSIRT