cvelistv5 - cve-2025-59810

CVE-2025-59810 (GCVE-0-2025-59810)

Vulnerability from cvelistv5 – Published: 2025-12-09 17:19 – Updated: 2025-12-09 20:42

Summary

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests

Severity ?

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

CWE

CWE-284 - Information disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-601

Impacted products

Vendor

Product

Version

Fortinet

FortiSOAR on-premise

Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*

Fortinet

FortiSOAR PaaS

Affected: 7.6.0 , ≤ 7.6.2 (semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59810",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T20:20:18.195341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T20:42:59.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:19:06.350Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to FortiSOAR PaaS version 7.5.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-59810",
    "datePublished": "2025-12-09T17:19:06.350Z",
    "dateReserved": "2025-09-22T08:19:21.055Z",
    "dateUpdated": "2025-12-09T20:42:59.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59810\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-12-09T18:15:55.500\",\"lastModified\":\"2025-12-09T20:12:52.390\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.0\",\"versionEndExcluding\":\"7.5.2\",\"matchCriteriaId\":\"AB556BB9-A061-45DD-AB46-C583B7CB5108\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0\",\"versionEndExcluding\":\"7.6.3\",\"matchCriteriaId\":\"9F88A820-7AAA-49BB-87AB-E93693B9889F\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-25-601\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59810\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-09T20:20:18.195341Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-09T20:20:21.817Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiSOAR on-premise\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.6.2\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.5.1\"}, {\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.5\"}, {\"status\": \"affected\", \"version\": \"7.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.3.3\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiSOAR PaaS\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.6.2\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.5.1\"}, {\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.5\"}, {\"status\": \"affected\", \"version\": \"7.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.3.3\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to FortiSOAR on-premise version 7.6.3 or above\\nUpgrade to FortiSOAR on-premise version 7.5.2 or above\\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\\nUpgrade to FortiSOAR PaaS version 7.5.2 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-25-601\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-25-601\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-12-09T17:19:06.350Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59810\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-09T20:42:59.350Z\", \"dateReserved\": \"2025-09-22T08:19:21.055Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-12-09T17:19:06.350Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-1084

Vulnerability from certfr_avis - Published: 2025-12-10 - Updated: 2025-12-10

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur précise que la version 24.2 de FortiSandbox Cloud sera publiée ultérieurement.

Impacted products

Vendor	Product	Description
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiSOAR	FortiSOAR PaaS versions antérieures à 7.5.2
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet	FortiSOAR	FortiSOAR PaaS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.6.x antérieures à 7.6.3
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.6
Fortinet	N/A	FortiExtender versions antérieures à 7.4.8
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.22
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.3
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiSRA	FortiSRA versions antérieures à 1.5.x
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.3
Fortinet	FortiPortal	FortiPortal versions antérieures à 7.4.6
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.15
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.7
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.9
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.12
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.3
Fortinet	FortiWeb	FortiWeb versions 8.0.x antérieures à 8.0.2
Fortinet	FortiSandbox	FortiSandbox Cloud versions antérieures à 24.2
Fortinet	N/A	FortiExtender versions 7.6.x antérieures à 7.6.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.18
Fortinet	FortiSASE	FortiSASE versions 24.1.x antérieures à 24.1.c
Fortinet	FortiSandbox	FortiSandbox versions 4.x antérieures à 4.4.8
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.12
Fortinet	FortiVoice	FortiVoice versions antérieures à 7.0.8
Fortinet	FortiSOAR	FortiSOAR on-premise versions antérieures à 7.5.2
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.11
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.5.x
Fortinet	FortiAuthenticator	FortiAuthenticator versions antérieures à 6.6.7
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.6
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.11

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-411	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-479	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-268	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-362	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-599	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-133	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-616	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-812	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-739	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-984	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-945	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-477	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-647	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-601	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-454	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-032	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-554	2025-12-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.22",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox Cloud versions ant\u00e9rieures \u00e0 24.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.18",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions 24.1.x ant\u00e9rieures \u00e0 24.1.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.6.7",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que la version 24.2 de FortiSandbox Cloud sera publi\u00e9e ult\u00e9rieurement.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-60024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60024"
    },
    {
      "name": "CVE-2025-64153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64153"
    },
    {
      "name": "CVE-2025-57823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57823"
    },
    {
      "name": "CVE-2024-40593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40593"
    },
    {
      "name": "CVE-2025-53679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53679"
    },
    {
      "name": "CVE-2025-62631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62631"
    },
    {
      "name": "CVE-2025-54353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54353"
    },
    {
      "name": "CVE-2025-53949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53949"
    },
    {
      "name": "CVE-2025-59719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59719"
    },
    {
      "name": "CVE-2025-59810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59810"
    },
    {
      "name": "CVE-2025-64471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64471"
    },
    {
      "name": "CVE-2025-64447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64447"
    },
    {
      "name": "CVE-2024-47570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47570"
    },
    {
      "name": "CVE-2025-59808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59808"
    },
    {
      "name": "CVE-2025-54838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54838"
    },
    {
      "name": "CVE-2025-59923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59923"
    },
    {
      "name": "CVE-2025-64156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64156"
    },
    {
      "name": "CVE-2025-59718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59718"
    }
  ],
  "initial_release_date": "2025-12-10T00:00:00",
  "last_revision_date": "2025-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1084",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-411",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-411"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-479",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-479"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-268",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-268"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-362",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-362"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-599",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-599"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-133",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-133"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-616",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-616"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-812",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-812"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-739",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-739"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-984",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-984"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-945",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-945"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-477",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-477"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-647",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-647"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-601",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-601"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-454",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-454"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-032",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-032"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-554",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-554"
    }
  ]
}

FKIE_CVE-2025-59810

Vulnerability from fkie_nvd - Published: 2025-12-09 18:15 - Updated: 2025-12-09 20:12

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-25-601	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	fortisoar	*
	fortinet	fortisoar	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB556BB9-A061-45DD-AB46-C583B7CB5108",
              "versionEndExcluding": "7.5.2",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F88A820-7AAA-49BB-87AB-E93693B9889F",
              "versionEndExcluding": "7.6.3",
              "versionStartIncluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests"
    }
  ],
  "id": "CVE-2025-59810",
  "lastModified": "2025-12-09T20:12:52.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-09T18:15:55.500",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

GHSA-3P8X-C3HM-XMP2

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-59810"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T18:15:55Z",
    "severity": "MODERATE"
  },
  "details": "An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests",
  "id": "GHSA-3p8x-c3hm-xmp2",
  "modified": "2025-12-09T18:30:46Z",
  "published": "2025-12-09T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59810"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-601"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59810 (GCVE-0-2025-59810)

CERTFR-2025-AVI-1084

Solutions

FKIE_CVE-2025-59810

GHSA-3P8X-C3HM-XMP2

Tags

Sightings

Nomenclature