CVE-2025-54822

CVE Database · CVE-2025-54822

CVE-2025-54822

· MEDIUMModified

CVSS v3.1

4.3

EPSS

0.30%

Published

Oct 14, 2025

Modified

Jan 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-285

Affected Products (3)

fortinet · fortios (up to 7.2.9)vulnerable

fortinet · fortios (up to 7.4.2)vulnerable

fortinet · fortiproxy (up to 7.4.9)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-684

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs