{"id":68850,"date":"2025-08-26T22:32:48","date_gmt":"2025-08-26T19:02:48","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-36729-fortinet-web-interface-unauthorized-access-and-privilege-escalation\/"},"modified":"2025-08-26T22:32:48","modified_gmt":"2025-08-26T19:02:48","slug":"cve-2025-36729-fortinet-web-interface-unauthorized-access-and-privilege-escalation","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-36729-fortinet-web-interface-unauthorized-access-and-privilege-escalation\/","title":{"rendered":"CVE-2025-36729 &#8211; &#8220;Fortinet Web Interface Unauthorized Access and Privilege Escalation&#8221;"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-36729<br \/>\n<br \/>\n<strong>Published : <\/strong> Aug. 26, 2025, 5:15 p.m. | 1\u00a0hour, 21\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 7.2 | HIGH<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-36729 Published : Aug. 26, 2025, 5:15 p.m. | 1\u00a0hour, 21\u00a0minutes ago Description : A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-68850","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=68850"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68850\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=68850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=68850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=68850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}