CVE-2025-54973 — Race Condition in Fortinet Fortianalyzer

CWE-362 — Race Condition4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 89.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer

Timeline

PublishedOct 14

Description

A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortianalyzer7.0.9 — 7.0.14+3

▶CVEListV5fortinet/fortianalyzer7.6.0 — 7.6.2+3

🔴Vulnerability Details

CVEList

CVE-2025-54973: A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer versio↗2025-10-14

▶

GHSA

GHSA-q422-6cm5-mw8v: A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer versio↗2025-10-14

▶

📋Vendor Advisories

Fortinet

Race condion in FortiCloud SSO SAML authentication↗2025-10-14

▶