← Back

CVE-2025-59923

nvd nist
Published: Dec 9, 2025Modified: Dec 11, 2025

JSON object

Loading...
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 / Impact: 1.4
Source: psirt@fortinet.com (Secondary)

Description

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests.

Affected (1)

Fortinet
1 product
Fortiauthenticator
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Fortiauthenticator
From 6.3.0 to 6.6.4

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: psirt@fortinet.com
Vendor Advisory

Timeline

No history available yet.