Internal Asset Exposed to Unsafe Debug Access in Fortinet FortiOS and FortiProxy
CVE-2025-67862

6 MEDIUM

Key Information:

Vendor: Fortinet

CVE Published: 9 June 2026

What is CVE-2025-67862?

A vulnerability in Fortinet's FortiOS and FortiProxy products allows an authenticated administrator to execute malicious Lua scripts using crafted command-line interface (CLI) commands. Affected FortiOS versions span from 6.4 to 7.6.2, and affected FortiProxy versions span from 7.0 up to 7.6.3. The flaw exposes internal assets to potential misuse due to improper handling of debug access levels or states.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.1

FortiOS 7.4.0 <= 7.4.6

FortiOS 7.2.0 <= 7.2.10

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
