CVE-2025-54822
CVE-2025-54822
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
14 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →