KEV Entry
CVE-2026-25089
Known Exploited Vulnerability Entry KEVIntel
Entry Details
Confirmed Exploited2026-07-16 17:00 UTC
Timestamps
2026-07-16
2026-07-16
Scope
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through... | Affected: Fortinet / FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS | CVSS: 9.8 (CRITICAL) | EPSS: 0.23393 | Used in malware: unknown | Not yet in CISA KEV: False
References
- {'id': 'CVE-2026-25089', 'url': 'https://www.cve.org/CVERecord?id=CVE-2026-25089'}
- {'id': 'kevintel', 'url': 'https://kevintel.com/CVE-2026-25089'}
1c5ad154-dc19-4f81-8037-be65dad66607
KEVIntel
caeb2787-0d58-4236-9039-7c86c3e566f3
2026-07-16 18:00 UTC
2026-07-16 18:00 UTC
Evidence
1| Type | Source | Signal | Confidence | Details | GCVE Metadata |
|---|---|---|---|---|---|
| public_report | kevintel | successful_exploitation | 0.70 |
View details
|
- |