What is CVE-2023-25607?

CVE-2023-25607 is a high-severity OS Command Injection vulnerability affecting multiple Fortinet products. Organizations should prioritize patching to mitigate the risk of exploitation.

What is the severity of CVE-2023-25607?

CVE-2023-25607 has a severity rating of HIGH with a CVSS base score of 7.8.

CVE-2023-25607 | High Vulnerability in Fortinet FortiManager

CVE-2023-25607 is classified as a high-severity OS Command Injection vulnerability that affects several versions of FortiManager, FortiAnalyzer, and FortiADC. This vulnerability allows authenticated attackers with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to improper neutralization of special elements used in OS commands.

The CVSS score for this vulnerability is 7.8, indicating a high level of risk. The attack vector is local, meaning that an attacker must have access to the system to exploit the vulnerability. Given the implications of executing arbitrary commands, organizations must take immediate action.

The urgency to address this vulnerability is critical, as it poses significant risks to confidentiality, integrity, and availability. With a high exploitability score, the potential for this vulnerability to be actively targeted by attackers is a serious concern.

Organizations should prioritize patching immediately to mitigate the associated risks.

Vulnerability Details

The vulnerability allows for OS Command Injection due to unsafe usage of the wordexp function in the management interface of Fortinet products. Specifically, it affects FortiManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, and all versions of 6.2 and 6.0. Similarly, FortiAnalyzer and FortiADC are impacted across various versions.

The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, confirming the severity and potential impact on affected systems.

Technical Analysis

The root cause of CVE-2023-25607 is an improper neutralization of special elements used in OS commands, leading to command injection vulnerabilities. Attackers can exploit this vulnerability by leveraging local access to the management interface.

The attack vector is categorized as local, with a low attack complexity. Privileges required are low, which means even users with minimal access can exploit the vulnerability without any user interaction. The impacts are severe, affecting confidentiality, integrity, and availability, all rated as high.

Risk & Impact Analysis

Risk to organizations includes unauthorized command execution, potentially compromising the entire system. The blast radius is significant given that multiple versions of Fortinet products are affected, making it imperative for organizations to address this vulnerability promptly.

Based on the CVSS score and its implications, organizations should address this vulnerability in their priority patch cycle to ensure operational security.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions of Fortinet products are affected by this vulnerability:

FortiManager: 6.0.0 - 6.0.12, 6.2.0 - 6.2.12, 6.4.0 - 6.4.11, 7.0.0 - 7.0.7, 7.2.0 - 7.2.2.

FortiAnalyzer: 6.0.0 - 6.0.12, 6.2.0 - 6.2.12, 6.4.0 - 6.4.11, 7.0.0 - 7.0.7, 7.2.0 - 7.2.2.

FortiADC: 6.0.0 - 6.0.4, 6.1.0 - 6.1.6, 6.2.0 - 6.2.6, 7.0.0 - 7.0.3, 7.1.0.

Mitigation & Remediation

Organizations should ensure they are running the latest versions of Fortinet products to mitigate this vulnerability.

If patches are not yet available, consider implementing network controls to segment access to management interfaces and monitor for unusual activity.

For further guidance on security testing, organizations should consider engaging in penetration testing to validate their security posture.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual command execution patterns and ensure proper logging is enabled on affected systems.

Behavioral anomalies in user activity, particularly those involving management interfaces, should be flagged for review.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2023-25607 lies in its demonstration of the risk associated with command injection vulnerabilities in network management products.

As attackers increasingly target these critical components, organizations must adopt robust security practices and vulnerability management programs.

For insights into building a comprehensive security strategy, organizations can explore our resources on vulnerability management programs and consider a tailored penetration testing methodology to enhance their defenses.

Attending to vulnerabilities such as CVE-2023-25607 is essential to maintaining a robust security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-25607: High Vulnerability in Fortinet FortiManager