OS Command Injection Vulnerability in Fortinet FortiVoice
CVE-2025-47856

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortivoice
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-47856?

This vulnerability in Fortinet FortiVoice allows attackers with privileged access to exploit improper neutralization of special elements in OS commands. By crafting specific HTTP or HTTPS requests or using CLI commands, an attacker can execute arbitrary code on affected versions. This vulnerability poses a significant risk by potentially allowing unauthorized control over the affected system, which may lead to data breaches or service disruption.

Affected Version(s)

FortiVoice 7.2.0

FortiVoice 7.0.0 <= 7.0.6

FortiVoice 6.4.0 <= 6.4.10

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-250

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
May 12, 2025

JSON