CVE-2026-25089

Confirmed PUBLISHED

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through...

Fortinet · FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS

5 hours faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.1 Critical EPSS 36.1%

At a Glance

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests

edge cisa
CVE Published
Jun 09, 2026
Exploitation Reported
Jul 16, 2026
CVSS
9.1 Critical
EPSS
36.1%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Fortinet
FortiSandbox

5.0.0 to <= 5.0.5

Affected
Fortinet
FortiSandbox

4.4.0 to <= 4.4.8

Affected
Fortinet
FortiSandbox

4.2.1 to <= 4.2.8

Affected
Fortinet
FortiSandbox Cloud

5.0.4 to <= 5.0.5

Affected
Fortinet
FortiSandbox PaaS

5.0.4 to <= 5.0.5

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.