Introduction
Attackers with privileged access to FortiVoice can execute arbitrary operating system commands, potentially leading to full compromise of enterprise communications infrastructure. This vulnerability, tracked as CVE-2025-47856, impacts a range of Fortinet FortiVoice versions and is rooted in improper command input handling.
About Fortinet and FortiVoice: Fortinet is a leading global cybersecurity vendor, recognized for its extensive product portfolio including firewalls, endpoint security, and unified communications. FortiVoice is Fortinet's enterprise unified communications platform, widely deployed in organizations for voice, conferencing, and messaging services. The platform's critical role in business communications makes vulnerabilities in FortiVoice particularly significant for operational security.
Technical Information
CVE-2025-47856 is classified as an OS command injection vulnerability (CWE-78) in Fortinet FortiVoice. The flaw exists in two separate locations in the FortiVoice codebase. It allows a privileged attacker—one who has already authenticated with elevated access—to send crafted HTTP or HTTPS requests to the web management interface or issue specially constructed CLI commands. These requests can inject special shell elements, resulting in arbitrary code or command execution with the privileges of the FortiVoice application process.
The vulnerability arises from improper neutralization of special elements in OS command construction. Specifically, user-supplied input is not sufficiently sanitized before being passed to the underlying operating system, so an attacker can inject shell metacharacters or additional commands and have them executed with the application's privileges. The attack surface includes both the web management interface and the CLI, which widens the set of exploitation vectors. No public code snippets or proof-of-concept exploits are available for this vulnerability as of this writing.
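To make the CWE-78 pattern concrete, the following added example contrasts a vulnerable command-construction routine with a hardened one and includes a simple detection check. It is hypothetical illustration code written for this article, not FortiVoice's code (none is public); the diagnostic handler, hostname parameter and `ping` invocation are assumptions.

```python
"""Vulnerable and hardened forms of OS command construction (CWE-78).
Hypothetical management-interface handler, not vendor code: it runs a
network diagnostic against a hostname supplied in an HTTP request."""
import re
import subprocess
from typing import Callable, Sequence

# Allowlist for a DNS hostname: letters, digits, dots and hyphens only.
# Shell control characters (; | & $ ` ( ) < > quotes, newlines) never match.
_HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Characters whose presence in a request parameter is worth logging/alerting on.
SHELL_METACHARACTERS = set(";|&$`()<>\n\r'\"\\")


def build_command_unsafe(host: str) -> str:
    """Vulnerable: the untrusted value is interpolated into a string that a
    shell parses, so metacharacters in `host` change the command structure."""
    return f"ping -c 1 {host}"


def has_shell_metacharacters(value: str) -> bool:
    """Detection helper: flag a parameter that carries shell control characters."""
    return any(ch in SHELL_METACHARACTERS for ch in value)


def validate_hostname(host: str) -> str:
    """Neutralization by allowlist: accept only a syntactically valid hostname."""
    if not _HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected hostname parameter")
    return host


def run_diagnostic(host: str,
                   runner: Callable[[Sequence[str]], object] = subprocess.run
                   ) -> Sequence[str]:
    """Hardened: validate first, then pass an argv list with no shell involved.
    The runner is injectable so the argv can be inspected without running ping."""
    argv = ["ping", "-c", "1", validate_hostname(host)]
    runner(argv)
    return argv


if __name__ == "__main__":
    crafted = "example.com; echo injected"   # constructed sample request value
    print("unsafe command line:", build_command_unsafe(crafted))
    print("metacharacters present:", has_shell_metacharacters(crafted))
    try:
        run_diagnostic(crafted, runner=lambda argv: None)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("safe argv:", run_diagnostic("example.com", runner=lambda argv: None))
```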
Affected Systems and Versions
CVE-2025-47856 affects the following FortiVoice versions:
- 7.2.0
- 7.0.0 through 7.0.6
- All versions before 6.4.10
Patched versions are:
- 7.2.1 and above (for 7.2.0)
- 7.0.7 and above (for 7.0.0 through 7.0.6)
- 6.4.11 and above (for versions before 6.4.10)
Vendor Security History
Fortinet has experienced multiple high-severity vulnerabilities across its product lines, including command injection and buffer overflow issues. In 2025 alone, several critical vulnerabilities have been disclosed and, in some cases, exploited in the wild. Fortinet maintains a dedicated PSIRT and generally provides timely advisories and patches. However, the recurrence of command injection flaws, including CVE-2025-47856, highlights ongoing challenges in secure coding and input validation within Fortinet's development lifecycle.