CVE-2025-67862

🔶 medium

Summary

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

CVSS Score

6.7

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-06-09

First Seen: 2026-06-10

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.8% of all 327,350 vulnerabilities in our database.

#167,454

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Jun 9, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-06-11

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-1244

📦 Affected Products 9

Vendor	Product	Status	Affected Versions
fortinet	fortios	Affected	> 6.4.0 < 6.4.16
fortinet	fortios	Affected	> 7.0.0 < 7.0.16
fortinet	fortios	Affected	> 7.2.0 < 7.2.11
fortinet	fortios	Affected	> 7.4.0 < 7.4.8
fortinet	fortios	Affected	> 7.6.0 < 7.6.3
fortinet	fortiproxy	Affected	> 7.0.0 < 7.0.23
fortinet	fortiproxy	Affected	> 7.2.0 < 7.2.15
fortinet	fortiproxy	Affected	> 7.4.0 < 7.4.11
fortinet	fortiproxy	Affected	> 7.6.0 < 7.6.4

🔗 References 1

https://fortiguard.fortinet.com/psirt/FG-IR-26-143

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-53844	⚠️ high	8.8	0.0	A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 ...	2026-05-12
CVE-2025-53847	🔶 medium	6.5	0.0	A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 thro...	2026-04-14
CVE-2025-55018	🔶 medium	5.8	0.1	An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, Fort...	2026-02-10
CVE-2025-64157	🔶 medium	6.7	0.0	A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 throug...	2026-02-10
CVE-2025-68686	🔶 medium	5.9	0.0	An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS ...	2026-02-10
CVE-2026-22153	⚠️ high	8.1	0.1	An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6...	2026-02-10

These CVEs affect the same products