CVE-2026-25089EPSS p83.7%

CVE-2026-25089CVE-2026-25089

fortinet / fortisandbox

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests

Scoring

CVSS 9.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS2.66% probability of exploitation · percentile 83.7% · 2026-06-18T12:00:27Z
Last modified2026-06-11

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-53679
CVE
CVE-2025-53949
CVE
CVE-2026-39808
CVE
CVE-2025-52436
CVE
CVE-2026-26083
CVE
CVE-2025-25256
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.