CVE-2025-64153 is a security vulnerability classified as an OS command injection affecting Fortinet FortiExtender devices across multiple versions (7.0.0, 7.2.x, 7.4.x, and 7.6.x). The flaw arises from improper neutralization of special elements in operating system commands, allowing an authenticated attacker with high privileges to inject and execute arbitrary OS commands via a specially crafted HTTP request. This vulnerability does not require user interaction but does require authentication with elevated privileges, increasing the attack complexity but still posing a significant risk. The impact includes potential full system compromise, data confidentiality breaches, integrity violations, and denial of service through disruption of device functionality. FortiExtender devices are typically used to extend network connectivity, often in critical infrastructure and enterprise environments, making this vulnerability particularly concerning. The CVSS v3.1 score of 6.7 reflects a medium severity, considering the network attack vector, low attack complexity, required privileges, and the high impact on confidentiality, integrity, and availability. No public exploits or widespread attacks have been reported yet, but the vulnerability is published and should be addressed promptly. The lack of available patches at the time of reporting necessitates immediate risk mitigation through access controls and monitoring.

For European organizations, the exploitation of CVE-2025-64153 could lead to unauthorized command execution on FortiExtender devices, potentially resulting in full device compromise. This could disrupt network extension services, degrade connectivity, and expose sensitive data passing through these devices. Critical sectors such as telecommunications, finance, energy, and government infrastructure that rely on FortiExtender for network resilience and connectivity could suffer operational outages or data breaches. The compromise of these devices could also serve as a foothold for lateral movement within networks, escalating the severity of attacks. Given the medium severity score but high impact on confidentiality, integrity, and availability, organizations must treat this vulnerability seriously to avoid service disruptions and data loss.

1. Immediately restrict administrative access to FortiExtender devices to trusted personnel and networks only, using network segmentation and strong authentication mechanisms. 2. Monitor HTTP traffic to FortiExtender management interfaces for unusual or malformed requests indicative of command injection attempts. 3. Implement strict input validation and web application firewall (WAF) rules where possible to block suspicious payloads targeting the device. 4. Regularly audit and review user accounts with high privileges on FortiExtender devices, removing unnecessary access. 5. Apply vendor patches or firmware updates as soon as they become available to remediate the vulnerability. 6. Employ network intrusion detection systems (NIDS) with updated signatures to detect exploitation attempts. 7. Maintain up-to-date backups of device configurations to enable rapid recovery if compromise occurs. 8. Conduct security awareness training for administrators managing FortiExtender devices to recognize and respond to potential attacks.