CVE-2025-58325 is an Incorrect Provision of Specified Functionality vulnerability (CWE-684) identified in Fortinet's FortiOS versions 6.4.0, 7.0.0 through 7.0.15, 7.2.5 through 7.2.10, 7.4.0 through 7.4.5, and 7.6.0. The flaw allows a local authenticated attacker with high privileges to execute arbitrary system commands by submitting specially crafted CLI commands. This vulnerability arises from improper handling of CLI input, enabling privilege escalation beyond the attacker's assigned permissions. The vulnerability impacts confidentiality, integrity, and availability by potentially allowing attackers to gain full control over the affected FortiOS device, manipulate configurations, intercept or disrupt network traffic, and disable security functions. The CVSS 3.1 base score is 7.8, reflecting high severity with attack vector local, low attack complexity, high privileges required, no user interaction, and scope change. Although no exploits are currently known in the wild, the vulnerability's presence in widely deployed FortiOS versions used in enterprise and service provider environments makes it a critical concern. FortiOS devices are commonly deployed as firewalls, VPN gateways, and security appliances, making this vulnerability a significant risk for network security infrastructure.

For European organizations, exploitation of CVE-2025-58325 could lead to severe consequences including unauthorized system control, data exfiltration, disruption of network services, and potential lateral movement within corporate networks. Given FortiOS's widespread use in securing enterprise networks, critical infrastructure, and government systems across Europe, a successful attack could compromise sensitive data, disrupt business operations, and undermine trust in network security. The ability to execute arbitrary system commands with elevated privileges means attackers could disable security controls, create persistent backdoors, or manipulate traffic inspection, severely impacting confidentiality, integrity, and availability. Organizations in sectors such as finance, telecommunications, energy, and public administration are particularly at risk due to their reliance on Fortinet devices for perimeter defense and secure remote access.

Organizations should immediately inventory all FortiOS devices and verify affected versions. Although no patch links are provided yet, monitoring Fortinet advisories for official patches or updates is critical. Until patches are available, restrict CLI access to trusted administrators only and enforce strict role-based access controls to minimize the number of users with high privileges. Implement network segmentation to isolate management interfaces and use multi-factor authentication for administrative access. Enable detailed logging and monitor for unusual CLI command patterns indicative of exploitation attempts. Conduct regular security audits and vulnerability scans to detect unauthorized changes. Additionally, consider deploying intrusion detection/prevention systems tuned to detect anomalous FortiOS CLI activity. Prepare incident response plans specifically addressing potential FortiOS compromise scenarios to reduce response time if exploitation occurs.