OS Command Injection Vulnerability in Fortinet FortiExtender
CVE-2025-64153

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiextender
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-64153?

A vulnerability in Fortinet FortiExtender allows authenticated attackers to perform OS command injection through the improper handling of special elements in an HTTP request. This flaw impacts various versions of FortiExtender, enabling unauthorized code execution and posing significant security risks to affected systems. Organizations using the mentioned versions should take immediate action to mitigate this issue and ensure their networks remain secure.

Affected Version(s)

FortiExtender 7.6.0 <= 7.6.3

FortiExtender 7.4.0 <= 7.4.7

FortiExtender 7.2.0 <= 7.2.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-739

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 28, 2025

JSON