CVE-2025-54973

MEDIUM EPSS 20.6%

Published Oct 14, 20258mo ago · Modified Jun 17, 20261w ago

5.3 CVSS 3.1

Medium

Published Oct 14, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.

CVSS Details

Base Score

5.3

Exploitability

1.6

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

20.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-362

Affected Products 4

Vendor	Product	Version	Range
fortinet	fortianalyzer	*	≥7.0.9 – <7.0.14
fortinet	fortianalyzer	*	≥7.2.0 – <7.2.11
fortinet	fortianalyzer	*	≥7.4.0 – <7.4.7
fortinet	fortianalyzer	*	≥7.6.0 – <7.6.3

References 1

fortiguard.fortinet.com https://fortiguard.fortinet.com/psirt/FG-IR-25-198

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.