CVE-2024-45325 MEDIUM

Vendor Fortinet
Product FortiDDoS-F
Weakness CWE-78
Published September 9, 2025
Last update September 9, 2025

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

What the vulnerability does

01 Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiDDoS-F versions 7.0.0 through 7.02 and versions before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Key dates

02 Disclosure timeline

September 9, 2025 CVE published
September 9, 2025 Record updated