← Back

CVE-2025-54822

nvd nist
Published: Oct 14, 2025Modified: Jan 14, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: psirt@fortinet.com (Secondary)

Description

An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.

Affected (3)

Fortinet
2 products
Fortios
Fortiproxy
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortios
From 7.0.0 to 7.2.9
Fortios
From 7.4.0 to 7.4.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fortiproxy
From 2.0.0 to 7.4.9

Related CWEs

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (1)

Source: psirt@fortinet.com
Vendor Advisory

Timeline

No history available yet.