OS Command Injection Vulnerability in Fortinet's FortiSOAR Affects Multiple Versions
CVE-2024-48891

6.6MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisoar On-premise
Vendor: CVE Published:; 14 October 2025

What is CVE-2024-48891?

An OS Command Injection vulnerability exists in FortiSOAR that allows an attacker with low-privileged shell access to escalate privileges by executing crafted commands. This security flaw affects various versions of FortiSOAR and could pose significant risks if exploited. For more details, refer to the official Fortinet advisory.

Affected Version(s)

FortiSOAR on-premise 7.6.0

FortiSOAR on-premise 7.5.0 <= 7.5.1

FortiSOAR on-premise 7.4.0 <= 7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-412

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 9, 2024

JSON