exploitDog

CVE-2025-57823

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 2.7

EPSS Низкий

Описание

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints

Ссылки

https://fortiguard.fortinet.com/psirt/FG-IR-25-554
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*

Версия от 6.3.0 (включая) до 6.6.6 (включая)

EPSS

Процентиль: 8%

0.00031

Низкий

2.7 Low

CVSS3

Дефекты

CWE-425

Связанные уязвимости

GHSA-xw8w-pqw7-c52c

CVSS3: 2.7

github

2 месяца назад

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints

EPSS

Процентиль: 8%

0.00031

Низкий

2.7 Low

CVSS3

Дефекты

CWE-425