cbcvebase.
CVE-2025-59808
published 2025-12-09

CVE-2025-59808: An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1…

medium6.8CVSS 3.1
AVNACHPRLUINSUCNIHAH
An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password

Affected

12 ranges
VendorProductVersion rangeFixed in
fortinetfortinet
fortinetfortisoar
fortinetfortisoar>= 7.3.0 < 7.5.27.5.2
fortinetfortisoar7.6.0 – 7.6.3
fortinetfortisoar_on-premise7.3.0 – 7.3.3
fortinetfortisoar_on-premise7.4.0 – 7.4.5
fortinetfortisoar_on-premise7.5.0 – 7.5.1
fortinetfortisoar_on-premise7.6.0 – 7.6.2
fortinetfortisoar_paas7.3.0 – 7.3.3
fortinetfortisoar_paas7.4.0 – 7.4.5
fortinetfortisoar_paas7.5.0 – 7.5.1
fortinetfortisoar_paas7.6.0 – 7.6.2