6.7 CVE-2025-67862
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute Lua scripts via crafted CLI commands.
https://nvd.nist.gov/vuln/detail/CVE-2025-67862
Categories
CWE-1244 : Internal Asset Exposed to Unsafe Debug Access Level or State
The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.

Apply blinding [REF-1219] or masking techniques in strategic areas. Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.

After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access. This allows a user to modify the boot flow and successfully bypass the secure-boot process.
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiOS | 7.6.0 ≤ 7.6.1 [affected]; 7.4.0 ≤ 7.4.6 [affected]; 7.2.0 ≤ 7.2.10 [affected]; 7.0.0 ≤ 7.0.16 [affected]; 6.4.0 ≤ 6.4.16 [affected] |
| Fortinet | FortiProxy | 7.6.0 ≤ 7.6.3 [affected]; 7.4.0 ≤ 7.4.10 [affected]; 7.2.0 ≤ 7.2.14 [affected]; 7.0.0 ≤ 7.0.23 [affected] |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
EXPLOITS
Exploit-db.com
| id | description | date |
|---|---|---|
| No known exploits | | |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| 114 | Authentication Abuse: An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. | Medium |
MITRE
Techniques
| id | description |
|---|---|
| T1548 | Abuse Elevation Control Mechanism |
Mitigations
| id | description |
|---|---|
| M1018 | Limit the privileges of cloud accounts to assume, create, or impersonate additional roles, policies, and permissions to only those required. Where just-in-time access is enabled, consider requiring manual approval for temporary elevation of privileges. |