CVE-2025-53744Incorrect Privilege Assignment in Fortinet Fortios

CWE-266Incorrect Privilege Assignment4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 63.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedAug 12

Description

An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortios6.4.07.4.8+1
CVEListV5fortinet/fortios7.6.07.6.2+4

🔴Vulnerability Details

2
CVEList
CVE-2025-53744: An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 72025-08-12
GHSA
GHSA-c5vf-25hf-3m74: An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 72025-08-12

📋Vendor Advisories

1
Fortinet
Incorrect Privilege Assignment in Security Fabric2025-08-12
CVE-2025-53744 — Incorrect Privilege Assignment | cvebase