CVE-2024-48891

6.6MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisoar On-premise
Vendor: CVE Published:; 14 October 2025

What is CVE-2024-48891?

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands.

Affected Version(s)

FortiSOAR on-premise 7.6.0

FortiSOAR on-premise 7.5.0 <= 7.5.1

FortiSOAR on-premise 7.4.0 <= 7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-412

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 9, 2024

JSON

Fortinet

What is CVE-2024-48891?

Affected Version(s)

References

CVSS V3.1

Timeline