FortiOS CLI Command Bypass Vulnerability Lets Attackers Execute System Commands

Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands.

Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in the CLI component, potentially leading to privilege escalation.

With a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), it poses significant risks to enterprise networks relying on Fortinet’s firewalls and security appliances.

The issue arises when a local attacker with high privileges crafts malicious CLI commands, bypassing intended restrictions to run unauthorized system-level operations.

This could result in full control over the device, data exfiltration, or further network compromise. No remote exploitation is possible, but the low attack complexity and high impact make it a prime target for insiders or compromised accounts.

Francois Ropert from Fortinet’s PSIRT team discovered the flaw. Affected platforms include high-end models from the 100E/101E series up to the 7000F; other models are not affected.

Organizations should verify their setups immediately, as exploitation requires only local access and no user interaction.

Fortinet urges upgrades to patched releases. The following table outlines impacted versions and fixes:

| FortiOS Version | Affected Builds | Recommended Solution |
|---|---|---|
| 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| 7.4 | 7.4.0 through 7.4.5 | Upgrade to 7.4.6 or above |
| 7.2 | 7.2.0 through 7.2.10 | Upgrade to 7.2.11 or above |
| 7.0 | 7.0.0 through 7.0.15 | Upgrade to 7.0.16 or above |
| 6.4 | All versions | Migrate to a fixed release |

Use Fortinet’s upgrade path tool for seamless transitions. No indicators of compromise (IoCs) or proof-of-concept exploits were released, but monitoring CLI logs for anomalies is advised.

This advisory, published as FG-IR-24-361, underscores the need for least-privilege access in CLI management.
