{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T22:48:13.231","vulnerabilities":[{"cve":{"id":"CVE-2025-31104","sourceIdentifier":"psirt@fortinet.com","published":"2025-06-10T17:21:22.873","lastModified":"2025-07-22T17:06:49.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests."},{"lang":"es","value":"Una vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando del SO ('inyección de comando del SO') [CWE-78] en FortiADC 7.6.0 a 7.6.1, 7.4.0 a 7.4.6, 7.2.0 a 7.2.7, 7.1.0 a 7.1.4, 7.0 todas las versiones, 6.2 todas las versiones, 6.1 todas las versiones puede permitir que un atacante autenticado ejecute código no autorizado a través de solicitudes HTTP manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"7.1.5","matchCriteriaId":"76B80010-5154-4695-927C-D9E104D956F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.8","matchCriteriaId":"BA91E054-96EB-4F87-8132-0838D6F40F36"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.7","matchCriteriaId":"AE545405-6F6D-4B5F-929C-FE966F3C5FC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"7B0431F4-19A9-4D05-8290-16C5ABC149D3"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-099","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}