CVE-2025-54822

4.3MEDIUM

An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, Fort

Опубликовано: 10/14/2025Обновлено: 1/14/2026
Посмотреть на NVDПосмотреть на MITRE

Описание

An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.

ИИ-АнализНа базе ИИ

Затронутые продукты

fortinetfortios
fortinetfortios
fortinetfortiproxy

Ссылки