How severe is CVE-2025-54822?

CVE-2025-54822 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-54822

Name: fortiproxy
Author: fortinet

4.3MEDIUM

An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, Fort

Publicado: 10/14/2025Atualizado: 1/14/2026

Descrição

An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.

Análise IADesenvolvido por IA

Produtos Afetados

fortinetfortios

fortinetfortiproxy

Referências

https://fortiguard.fortinet.com/psirt/FG-IR-25-684
Vendor Advisory