Volerion logoVolerion
Volerion logoVolerion

Fortinet FortiSandbox OS Command Injection Vulnerability in GUI

Vulnerability

A vulnerability allowing OS command injection has been identified in the Fortinet FortiSandbox GUI, specifically in versions 5.0.0 through 5.0.2 and prior to 4.4.7. This vulnerability allows remote privileged attackers to execute unauthorized code or commands by sending crafted HTTP or HTTPS requests.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the affected system.

Remediation

Users of Fortinet FortiSandbox should upgrade to version 5.0.3 or above if they are using FortiSandbox 5.0, or to version 4.4.8 or above if they are using FortiSandbox 4.4.0 through 4.4.7. FortiSandbox Cloud 24.1 users should note that this issue will be addressed in the upcoming 24.2 release. FortiSandbox Cloud 23 users should migrate to a fixed release.

Added: Dec 9, 2025, 10:59 PM
Updated: Dec 9, 2025, 10:59 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
10.0
exploitability
4.4
remediation
7.7
relevance
1.4
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.