Fortinet FortiSOAR Privilege Escalation Vulnerability via OS Command Injection

Vulnerability

A vulnerability allowing local privilege escalation through OS command injection has been identified in Fortinet FortiSOAR versions 7.6.0 to 7.6.1, 7.5.0 to 7.5.1, and all versions of 7.4 and 7.3. An attacker who already holds low-privileged shell access on the host could exploit it by submitting crafted input that is executed as an OS command with higher privileges.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling a user to gain elevated rights or access within the application or system.

Remediation

Users can upgrade to FortiSOAR version 7.6.2 or above, or 7.5.2 or above. For FortiSOAR versions 7.4 and 7.3, users should migrate to a fixed release.

Added: Oct 14, 2025, 4:34 PM
Updated: Oct 14, 2025, 11:14 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.