SB2026051294 - Multiple vulnerabilities in FortiAP

Description

This security bulletin contains information about 2 vulnerabilities.

1) OS Command Injection (CVE-ID: CVE-2025-53680)

The vulnerability allows a local privileged user to execute unauthorized code or commands.

The vulnerability exists due to command injection in CLI when processing crafted CLI requests. A local privileged user can send crafted CLI requests to execute unauthorized code or commands.

2) Command injection (CVE-ID: CVE-2025-53870)

The vulnerability allows a local privileged user to execute unauthorized code or commands.

The vulnerability exists due to command injection in the CLI when processing a specifically crafted cli command. A local privileged user can send a specifically crafted cli command to execute unauthorized code or commands.

Remediation

Install update from vendor's website.

References

• https://www.fortiguard.com/psirt/FG-IR-26-131
• https://www.fortiguard.com/psirt/FG-IR-26-133