{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-53949", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-07-15T09:52:08.702Z", "datePublished": "2025-12-09T17:19:24.123Z", "dateUpdated": "2025-12-10T04:57:29.446Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.2", "status": "affected"}, {"versionType": "semver", "version": "4.4.0", "lessThanOrEqual": "4.4.7", "status": "affected"}, {"versionType": "semver", "version": "4.2.0", "lessThanOrEqual": "4.2.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-12-09T17:19:24.123Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSandbox version 5.0.3 or above\nUpgrade to FortiSandbox version 4.4.8 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-479", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-479"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-09T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-53949"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T04:57:29.446Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53949", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-09T20:20:06.713336Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-09T20:20:10.642Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisandbox:4.2.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.2"}, {"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.7"}, {"status": "affected", "version": "4.2.0", "versionType": "semver", "lessThanOrEqual": "4.2.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSandbox version 5.0.3 or above\nUpgrade to FortiSandbox version 4.4.8 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-479", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-479"}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-12-09T17:19:24.123Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53949", "state": "PUBLISHED", "dateUpdated": "2025-12-10T04:57:29.446Z", "dateReserved": "2025-07-15T09:52:08.702Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-12-09T17:19:24.123Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AD9ECD5-FE5A-4772-A53A-04769828A110", "versionEndIncluding": "4.0.6", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "814D77BE-F536-42DE-B068-F92B95D68248", "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D2984D-3F90-42A6-9DC9-5E853E7B3188", "versionEndIncluding": "4.4.7", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5335FAF-6569-44CE-8634-0991C738CCF9", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests."}], "id": "CVE-2025-53949", "lastModified": "2025-12-09T20:12:27.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-12-09T18:15:53.640", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-479"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}