FortiOS 7.6.3: Unsafe Debug CLI allows admin to exec Lua scripts
CVE-2025-67862 Published on June 9, 2026
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
Vulnerability Analysis
CVE-2025-67862 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Access to Sensitive Information Using Debug and Test Interfaces
The product's physical debug and test interface protection does not block untrusted agents, resulting in unauthorized access to and potentially control of sensitive assets.
Products Associated with CVE-2025-67862
stack.watch emails you whenever new vulnerabilities are published in Fortinet FortiOS or Fortinet FortiProxy. Just hit a watch button to start following.
Affected Versions
Fortinet FortiOS:- Version 7.6.0, <= 7.6.1 is affected.
- Version 7.4.0, <= 7.4.6 is affected.
- Version 7.2.0, <= 7.2.10 is affected.
- Version 7.0.0, <= 7.0.16 is affected.
- Version 6.4.0, <= 6.4.16 is affected.
- Version 7.6.0, <= 7.6.3 is affected.
- Version 7.4.0, <= 7.4.10 is affected.
- Version 7.2.0, <= 7.2.14 is affected.
- Version 7.0.0, <= 7.0.23 is affected.