{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fortisandbox-cloud-versions-5.0.4-et-5.0.5-ant%C3%A9rieures-%C3%A0-5.0.6/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":6.7,"id":"CVE-2025-67862"},{"cvss":9.8,"id":"CVE-2026-25089"},{"cvss":6.5,"id":"CVE-2026-49938"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FortiOS (versions 7.2.x antérieures à 7.2.11)","FortiOS (versions 7.4.x antérieures à 7.4.8)","FortiOS (versions 7.6.x antérieures à 7.6.3)","FortiPortal (versions 7.4.x antérieures à 7.4.8)","FortiPortal (versions antérieures à 7.2.9)","FortiProxy (versions 7.2.x antérieures à 7.2.15)","FortiProxy (versions 7.4.x antérieures à 7.4.11)","FortiProxy (versions 7.6.x antérieures à 7.6.4)","FortiSandbox Cloud (versions 5.0.4 et 5.0.5 antérieures à 5.0.6)","FortiSandbox PaaS (versions 5.0.4 et 5.0.5 antérieures à 5.0.6)","FortiSandbox (versions 4.4.x antérieures à 4.4.9)","FortiSandbox (versions 5.0.x antérieures à 5.0.6)"],"_cs_severities":["critical"],"_cs_tags":["remote-code-execution","data-exfiltration","vulnerability","fortinet","network-appliance"],"_cs_type":"advisory","_cs_vendors":["Fortinet"],"content_html":"\u003cp\u003eMultiple critical vulnerabilities (CVE-2025-67862, CVE-2026-25089, CVE-2026-49938) have been identified across various Fortinet products including FortiOS, FortiPortal, FortiProxy, and FortiSandbox. These flaws, detailed in Fortinet security bulletins FG-IR-26-140, FG-IR-26-141, and FG-IR-26-143 issued on June 9, 2026, could allow an unauthenticated attacker to achieve remote arbitrary code execution (RCE) and compromise data confidentiality. CERT-FR published an advisory (CERTFR-2026-AVI-0725) on June 10, 2026, urging immediate patching. The widespread deployment of Fortinet products in enterprise networks makes these vulnerabilities high-impact, as successful exploitation could lead to full system compromise, network breaches, and sensitive data exposure without prior authentication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable Fortinet product (e.g., FortiOS, FortiPortal, FortiProxy, FortiSandbox) exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts and sends a malicious HTTP request targeting the specific vulnerability (CVE-2025-67862, CVE-2026-25089, or CVE-2026-49938).\u003c/li\u003e\n\u003cli\u003eThe vulnerable Fortinet product processes the malformed request, triggering the underlying vulnerability, potentially in a web-facing component.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation of RCE vulnerabilities (CVE-2026-25089, CVE-2026-49938) allows the attacker to execute arbitrary commands on the underlying operating system of the appliance.\u003c/li\u003e\n\u003cli\u003eWith RCE, the attacker gains full control over the compromised Fortinet device, enabling them to establish persistence or deploy further malicious payloads.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use the compromised device as a pivot point to move laterally within the network or access sensitive data, leveraging data confidentiality vulnerabilities (CVE-2025-67862) to exfiltrate information.\u003c/li\u003e\n\u003cli\u003eThe final objective could range from network reconnaissance, further system compromise, data theft, or disruption of network services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe identified vulnerabilities pose a critical risk to organizations utilizing affected Fortinet products. Successful exploitation, particularly of the RCE flaws, could lead to full compromise of the Fortinet appliance itself, granting attackers a foothold within the perimeter network. This could facilitate unauthorized access to internal systems, network segmentation bypasses, and the deployment of additional malware such as backdoors or ransomware. Data confidentiality breaches could result in the exposure of sensitive network configurations, user credentials, or other critical business data, potentially leading to significant financial loss, reputational damage, and regulatory penalties. The widespread use of Fortinet products globally means a broad array of organizations across various sectors could be susceptible.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the security patches provided by Fortinet for all affected products listed in this brief (FortiOS \u0026lt; 7.2.11, FortiPortal \u0026lt; 7.4.8, FortiProxy \u0026lt; 7.2.15, FortiSandbox \u0026lt; 5.0.6, etc.) to address CVE-2025-67862, CVE-2026-25089, and CVE-2026-49938.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules \u0026quot;Detects CVE-2026-25089/49938 Exploitation Attempts - Suspicious HTTP Request Patterns\u0026quot; and \u0026quot;Detects CVE-2025-67862 Exploitation Attempts - Unusual HTTP Access to Sensitive Paths\u0026quot; to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnsure web server logging is enabled and configured for detailed HTTP request information on all Fortinet devices to support detection via the Sigma rules.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual outbound connections originating from Fortinet devices, especially after patching, as a potential indicator of prior compromise (referencing \u003ccode\u003enetwork_connection\u003c/code\u003e log source).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-14T09:12:27Z","date_published":"2026-06-14T09:12:27Z","id":"https://feed.craftedsignal.io/briefs/2026-06-fortinet-multi-vuln/","summary":"Multiple critical vulnerabilities (CVE-2025-67862, CVE-2026-25089, CVE-2026-49938) have been discovered across Fortinet products including FortiOS, FortiPortal, FortiProxy, and FortiSandbox, enabling unauthenticated attackers to achieve remote arbitrary code execution and compromise data confidentiality.","title":"Multiple Critical Vulnerabilities in Fortinet Products Lead to RCE and Data Exposure","url":"https://feed.craftedsignal.io/briefs/2026-06-fortinet-multi-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed - FortiSandbox Cloud (Versions 5.0.4 Et 5.0.5 Antérieures À 5.0.6)","version":"https://jsonfeed.org/version/1.1"}