CVE-2025-53949
Published: 09 December 2025
Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker…
more
to execute unauthorized code on the underlying system via crafted HTTP requests.
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation and sanitization of crafted HTTP request inputs to prevent OS command injection (CWE-78).
Mandates timely patching and remediation of the specific flaw in vulnerable FortiSandbox versions as per vendor advisory.
Enforces least privilege to restrict high-privilege (PR:H) access needed for authenticated exploitation of the vulnerability.
Security SummaryAI
CVE-2025-53949 is an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability, classified under CWE-78, affecting Fortinet FortiSandbox versions 5.0.0 through 5.0.2, 4.4.0 through 4.4.7, 4.2 all versions, and 4.0 all versions. Published on 2025-12-09, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with network accessibility and low attack complexity.
An authenticated attacker with high privileges (PR:H) can exploit the vulnerability by sending crafted HTTP requests to the affected FortiSandbox instances. Successful exploitation may allow execution of unauthorized code on the underlying operating system.
Mitigation details are provided in the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-25-479.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS Command Injection (CWE-78) allows arbitrary OS command execution via crafted HTTP requests, directly mapping to Unix Shell (T1059.004) on Linux-based FortiSandbox.