CVE-2025-57823 — Forced Browsing in Fortinet Fortiauthenticator

CWE-425 — Forced Browsing4 documents4 sources

Severity

2.7LOWNVD

EPSS

0.0%

top 88.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiauthenticator

Timeline

PublishedDec 9

Description

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5fortinet/fortiauthenticator6.6.0 — 6.6.6+3

▶NVDfortinet/fortiauthenticator6.3.0 — 6.6.6

🔴Vulnerability Details

GHSA

GHSA-xw8w-pqw7-c52c: A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6↗2025-12-09

▶

CVEList

CVE-2025-57823: A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6↗2025-12-09

▶

📋Vendor Advisories

Fortinet

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticato...↗2025-12-09

▶