CVE-2025-54822

CWE-285 | 4 documents | 4 sources
Severity: 4.3 MEDIUM
EPSS: 0.1% (top 83.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14

Description

An improper authorization vulnerability [CWE-285] in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of other VDOMs via crafted HTTP or HTTPS requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (4 packages)

NVD | fortinet/fortiproxy | 2.0.0 | 7.4.9
CVEListV5 | fortinet/fortiproxy | 7.4.0 | 7.4.8 | +3
NVD | fortinet/fortios | 7.0.0 | 7.2.9 | +1
CVEListV5 | fortinet/fortios | 7.4.0 | 7.4.1 | +2

🔴 Vulnerability Details (2)

CVEList | CVE-2025-54822: An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7 | 2025-10-14
GHSA | GHSA-chpj-hq37-fphq: An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7 | 2025-10-14

📋 Vendor Advisories (1)

Fortinet | Improper authorization over static files | 2025-10-14