CVE-2025-53847: Missing Authentication for Critical Function in Fortinet FortiOS

Severity
6.5 MEDIUM (NVD)
EPSS
0.0%
top 97.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 14

Description

A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, and FortiOS 6.2.9 through 6.2.17 allows an attacker to execute unauthorized code or commands via specially crafted packets.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 | Impact: 3.6

Affected Packages: 1 package

CVEListV5: fortinet/fortios, 7.6.0 through 7.6.3 (+5)

🔴 Vulnerability Details (2)

CVEList
CVE-2025-53847: A missing authentication for critical function vulnerability in Fortinet FortiOS 7 (2026-04-14)
GHSA
GHSA-v55w-rvx7-pq26: A missing authentication for critical function vulnerability in Fortinet FortiOS 7 (2026-04-14)

📋 Vendor Advisories (1)

Fortinet
Missing Authentication for critical function in CAPWAP daemon (2026-04-14)