Internal Asset Exposed to Unsafe Debug Access Level or State in FortiProxy and FortiOS - CVE-2025-67862
Published: June 9, 2026
Vulnerability identifier: #VU134005
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-67862
CWE-ID: CWE-1244
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiProxy
FortiOS
FortiProxy
FortiOS
Detailed vulnerability description
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to internal asset exposed to unsafe debug access level or state. An authenticated admin can execute lua scripts via crafted CLI commands.
How to mitigate CVE-2025-67862
Install update from vendor's website.