---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: The Cybersecurity Service for the Union institutions, bodies, offices and agencies
title: 'High Severity Vulnerability in FortiOS'
number: '2025-039'
version: '1.0'
original_date: '2025-10-14'
date: '2025-10-15'
---

_History:_

* _15/10/2025 --- v1.0 -- Initial publication_

# Summary

On October 14, 2025, Fortinet released a security advisory addressing a high severity vulnerability in its FortiOS product [1].

It is recommended to update affected products.

# Technical Details

The vulnerability **CVE-2025-58325**, with a CVSS score of 7.8, is an Incorrect Provision of Specified Functionality flaw that may allow a local authenticated attacker to execute system commands via crafted CLI commands.

# Affected Products

The following product versions are affected:

- FortiOS 6.4
- FortiOS 7.0.0 through 7.0.15
- FortiOS 7.2.0 through 7.2.10
- FortiOS 7.4.0 through 7.4.5
- FortiOS 7.6.0

The following platforms are affected: 100E/101E, 100F/101F, 1100E/1101E, 1800F/1801F, 2200E/2201E, 2600F/2601F, 3300E/3301E, 3400E/3401E, 3500F/3501F, 3600E/3601E, 3800D, 3960E, 3980E, 4200F/4201F, 4400F/4401F, 5001E, 6000F, 7000E, and 7000F.

_Other models are not affected by this vulnerability._

# Recommendations

It is recommended to update affected products.

# References

[1]