CVEFinder.io

CVE-2025-53680

🔶 medium
🔍 Scan for this CVE
Summary

An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code

Description

An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

CVSS Score
6.7
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.8% of all 328,009 vulnerabilities in our database.

#167,835
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 12, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-15
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-78

📦 Affected Products 4

Vendor Product Status Affected Versions
fortinet fortiap-u Affected
> 7.0.0 < 7.0.6
fortinet fortiap-w2 Affected
> 7.2.0 < 7.4.5
fortinet fortiap Affected
> 6.4.0 < 7.4.6
fortinet fortiap Affected
> 7.6.0 < 7.6.3

🔗 References 1

https://fortiguard.fortinet.com/psirt/FG-IR-26-131
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-53870 🔶 medium 6.7 0.0 An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet ... 2026-05-12
CVE-2024-26012 🔶 medium 6.7 0.2 A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 a... 2025-01-14
CVE-2023-25608 🔶 medium 5.5 0.2 An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpr... 2023-09-13
CVE-2023-36634 ⚠️ high 7.1 0.1 An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpr... 2023-09-13
CVE-2022-29058 ⚠️ high 7.8 0.2 An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line... 2022-09-06
CVE-2022-30301 ⚠️ high 7.8 0.1 A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 m... 2022-07-19
These CVEs affect the same products