{"api_version":"1","generated_at":"2026-05-13T11:12:27+00:00","cve":"CVE-2025-53870","urls":{"html":"https://cve.report/CVE-2025-53870","api":"https://cve.report/api/cve/CVE-2025-53870.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-53870","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-53870"},"summary":{"title":"CVE-2025-53870","description":"An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow  an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.","state":"PUBLISHED","assigner":"fortinet","published_at":"2026-05-12 18:16:36","updated_at":"2026-05-12 18:57:02"},"problem_types":["CWE-78","CWE-78 Escalation of privilege"],"metrics":[{"version":"3.1","source":"psirt@fortinet.com","type":"Secondary","score":"6.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-133","name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-133","refsource":"psirt@fortinet.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-53870","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53870","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortinet","product":"FortiAP","version":"affected 7.6.0 7.6.2 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAP","version":"affected 7.4.0 7.4.5 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAP","version":"affected 7.2.0 7.2.6 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAP","version":"affected 7.0.0 7.0.7 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAP","version":"affected 6.4.3 6.4.9 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAP-W2","version":"affected 7.4.0 7.4.4 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAP-W2","version":"affected 7.2.0 7.2.5 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAP-W2","version":"affected 7.0.0 7.0.8 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above\nUpgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiAP","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.2","status":"affected","version":"7.6.0","versionType":"semver"},{"lessThanOrEqual":"7.4.5","status":"affected","version":"7.4.0","versionType":"semver"},{"lessThanOrEqual":"7.2.6","status":"affected","version":"7.2.0","versionType":"semver"},{"lessThanOrEqual":"7.0.7","status":"affected","version":"7.0.0","versionType":"semver"},{"lessThanOrEqual":"6.4.9","status":"affected","version":"6.4.3","versionType":"semver"}]},{"cpes":["cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiAP-W2","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.4.4","status":"affected","version":"7.4.0","versionType":"semver"},{"lessThanOrEqual":"7.2.5","status":"affected","version":"7.2.0","versionType":"semver"},{"lessThanOrEqual":"7.0.8","status":"affected","version":"7.0.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow  an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"Escalation of privilege","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T16:54:32.010Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-133","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-133"}],"solutions":[{"lang":"en","value":"Upgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above\nUpgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above"}]}},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2025-53870","datePublished":"2026-05-12T16:54:32.010Z","dateReserved":"2025-07-11T07:30:58.396Z","dateUpdated":"2026-05-12T16:54:32.010Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-12 18:16:36","lastModifiedDate":"2026-05-12 18:57:02","problem_types":["CWE-78","CWE-78 Escalation of privilege"],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"53870","Ordinal":"1","Title":"CVE-2025-53870","CVE":"CVE-2025-53870","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"53870","Ordinal":"1","NoteData":"An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow  an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.","Type":"Description","Title":"CVE-2025-53870"}]}}}