If left unpatched, this flaw could allow attackers to take control of the underlying system. The vulnerability, tracked as CVE-2025-53949, was officially published on December 9, 2025.
The flaw is classified as an OS Command Injection vulnerability (CWE-78). In practical terms, data taken from a web request is incorporated into an operating-system command without being properly neutralized, so text the attacker controls is executed as part of the command instead of being treated as plain data.
The issue lies in the Graphical User Interface (GUI) component of FortiSandbox. An authenticated attacker, meaning one who already holds valid credentials for the web GUI (not necessarily shell access to the appliance), could send specially crafted web requests to the device.
Because the vulnerable code does not neutralize the special characters in those requests, the system runs attacker-chosen commands alongside the one it intended to run.
If successful, the attacker could execute arbitrary code or commands on the appliance, potentially stealing data, disrupting sandbox operations, or using the device as a foothold for further access to the network.
Fortinet has rated the severity of this issue as High, with a CVSS score of 7.0. The requirement for valid GUI credentials lowers the score, but a sandbox appliance is a high-value target, and the potential damage is significant enough that administrators should act immediately.
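As an added illustration of the bug class (this is example code written for this page, not FortiSandbox's own code, which is not public), the snippet below shows a web-handler style function that splices a request parameter into a shell command, beside a hardened version of the same handler. The handler shape, the `target` parameter and the use of `echo` as a harmless stand-in for the real diagnostic command are assumptions made so that the demonstration runs offline.

```python
import re
import subprocess

# Added example, not FortiSandbox code. Models a GUI handler that runs a host
# diagnostic on an operator-supplied "target" request parameter; `echo` stands
# in for the real tool so the demonstration is harmless and offline. The
# handler, parameter name and command are assumptions for illustration.


def vulnerable_handler(target: str) -> str:
    """Vulnerable pattern: the request parameter is spliced into a shell
    string and handed to /bin/sh, so shell metacharacters are honoured."""
    cmd = f"echo diag {target}"  # CWE-78: untrusted data inside a command line
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


_HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def validate_host(target: str) -> str:
    """Hardening step 1: allow-list the input shape. Hostname/IPv4 characters
    only; ';', '|', '&', '$', '`', quotes and whitespace are all rejected."""
    if not _HOST_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return target


def argv_only_handler(target: str) -> str:
    """Hardening step 2 on its own: pass the value as a single argv element with
    shell=False. No shell parses it, so '; echo INJECTED' stays one argument."""
    argv = ["echo", "diag", target]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


def hardened_handler(target: str) -> str:
    """Both defences together: validated value, passed as its own argv element."""
    argv = ["echo", "diag", validate_host(target)]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "10.0.0.1; echo INJECTED"  # constructed attacker input
    print("vulnerable :", vulnerable_handler(payload).rstrip())
    print("argv-only  :", argv_only_handler(payload).rstrip())
    try:
        hardened_handler(payload)
    except ValueError as err:
        print("hardened   :", err)
```

Run it and the vulnerable handler prints two lines, the second being `INJECTED`, because `/bin/sh` split the string at the semicolon; the argv-only handler prints the whole payload as one literal argument; the hardened handler refuses the input before any process is spawned. Allow-listing the input shape and avoiding the shell are independent defences, and a GUI backend should apply both.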
The vulnerability affects several FortiSandbox release branches: 5.0, 4.4, 4.2, and 4.0.
| Branch | Affected Versions | Fixed/Patched Versions |
|---|---|---|
| FortiSandbox 5.0 | 5.0.0 through 5.0.2 | Upgrade to 5.0.3 |
| FortiSandbox 4.4 | 4.4.0 through 4.4.7 | Upgrade to 4.4.8 |
| FortiSandbox 4.2 | All versions (4.2.x) | Migrate to a fixed release (5.0.3 or 4.4.8) |
| FortiSandbox 4.0 | All versions (4.0.x) | Migrate to a fixed release (5.0.3 or 4.4.8) |
According to FortiGuard Labs, all organizations running these products should upgrade to a fixed version (5.0.3 or 4.4.8) immediately.
Fortinet has released fixed builds together with the advisory, which gives administrators a window to patch before the flaw is widely exploited. System administrators should review their FortiSandbox deployments now and confirm the running version of every appliance against the table above.
If any appliance is running one of the versions listed above, schedule an upgrade window as soon as possible to protect your network infrastructure from potential attacks.
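To decide which appliances need that upgrade window, the check below compares a FortiSandbox version string against the affected and fixed ranges transcribed from the table above. It is an added helper written for this page, not Fortinet tooling; it assumes plain dotted numeric version strings such as `5.0.2` (any build suffix must be stripped first), and it deliberately does not declare an unlisted branch safe.

```python
# Added example, not from the advisory or Fortinet tooling. Ranges are
# transcribed from the advisory table; version strings are assumed to be
# dotted numerics ("5.0.2"), with any build suffix removed by the caller.

# (branch, first affected, last affected, fixed release). A None range means
# the whole branch is affected and must be migrated to a supported branch.
AFFECTED = [
    ((5, 0), (5, 0, 0), (5, 0, 2), "5.0.3"),
    ((4, 4), (4, 4, 0), (4, 4, 7), "4.4.8"),
    ((4, 2), None, None, None),
    ((4, 0), None, None, None),
]

MIGRATION_TARGETS = "5.0.3 or 4.4.8"


def parse_version(text: str) -> tuple:
    """Turn 'v5.0.2' / '5.0' into a 3-tuple of ints; reject anything else."""
    parts = text.strip().lstrip("v").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums)) if len(nums) < 3 else nums[:3]


def assess(version: str) -> tuple:
    """Return (affected, advice) for one FortiSandbox version string."""
    v = parse_version(version)
    branch = v[:2]
    for b, lo, hi, fixed in AFFECTED:
        if branch != b:
            continue
        if lo is None:
            return True, f"entire branch affected; migrate to {MIGRATION_TARGETS}"
        if lo <= v <= hi:
            return True, f"affected; upgrade to {fixed}"
        return False, f"not in the affected range ({fixed} or later)"
    # Not listed is not the same as not affected: confirm against the
    # vendor advisory before treating such an appliance as safe.
    return False, "branch not listed in the advisory; verify with the vendor"


if __name__ == "__main__":
    # Constructed inventory of appliance versions for demonstration.
    for ver in ["5.0.2", "5.0.3", "4.4.7", "4.4.8", "4.2.6", "4.0.1", "5.1.0"]:
        affected, advice = assess(ver)
        print(f"{ver:>6}  {'AFFECTED' if affected else 'ok':>8}  {advice}")
```

Feed it the version of each appliance from your inventory; anything that comes back `AFFECTED` goes into the upgrade window, and anything reported as unlisted is checked by hand rather than assumed safe.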
The post FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code appeared first on Cyber Security News.