CVE-2025-53680 (CVSS 6.1) · EXPLOITED · PATCHED
Fortinet · FortiAP

Description

An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Affected Products

Vendor: Fortinet
Product: FortiAP
Versions (start of each affected range): 7.6.0, 7.4.0, 7.2.0, 7.0.0, 6.4.3, 7.4.0, 7.2.0, 7.0.0, 7.0.0, 6.2.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor    Product      Source           Confidence
fortinet  fortiap-w2   mitre_affected   90%
fortinet  fortiap-u    mitre_affected   90%

References

  • https://fortiguard.fortinet.com/psirt/FG-IR-26-131

Related News (2 articles)

  • Tier C · VulDB · 5h ago
    CVE-2025-53680 | Fortinet FortiAP/FortiAP-W2/FortiAP-U up to 7.6.2 CLI os command injection (FG-IR-26-131)
    → No new info (linked only)
  • Tier A · Fortinet PSIRT · 16h ago
    Command injection in CLI
    → No new info (linked only)
CVSS 3.1: 6.1 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV: No
Actively exploited: Yes
Patch available: 7.6.3
CWE: CWE-78
Published: May 12, 2026
Last enriched: 5h ago (v3)
Tags: OS Command Injection
Trending Score: 58
Source articles: 2
Independent: 2
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2026-35616 (EXP, KEV) · Trending: 167
    CVE-2026-35616: An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
  • CRITICAL · CVE-2026-44277 (EXP) · Trending: 82
    CVE-2026-44277: An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat
  • HIGH · CVE-2025-53844 (EXP) · Trending: 62
    CVE-2025-53844: An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0
  • MEDIUM · CVE-2025-53870 (EXP) · Trending: 58
    CVE-2025-53870: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
  • CRITICAL · CVE-2026-26083 · Trending: 55
    CVE-2026-26083: A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, Fo

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

  • May 12, 2026: CVE Published
  • May 12, 2026: Discovered by ZDM
  • May 12, 2026: Updated: affectedVersions, patchAvailable, exploitAvailable, activelyExploited, tags
  • May 12, 2026: Updated: affectedVersions
  • May 12, 2026: Actively Exploited
  • May 12, 2026: Exploit Available
  • May 12, 2026: Patch Available

Version History

Current: v3 (last enriched 5h ago)

v3 · Tier C · 5h ago
Updated severity to CRITICAL, added new affected versions 6.4.9, 7.0.7, and 7.2.6, and noted that no patch is currently available.
Fields: affectedVersions
Source: VulDB

v2 · Tier A · 6h ago
Updated affected versions and patch availability, and marked exploit availability and active exploitation as true.
Fields: affectedVersions, patchAvailable, exploitAvailable, activelyExploited, tags
Source: Fortinet PSIRT

v1 · 6h ago
Initial creation