github - ghsa-xw8w-pqw7-c52c

ghsa-xw8w-pqw7-c52c

Vulnerability from github

Published

2025-12-09 18:30

Modified

2025-12-09 18:30

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-57823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T18:15:54Z",
    "severity": "LOW"
  },
  "details": "A direct request (\u0027forced browsing\u0027) vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints",
  "id": "GHSA-xw8w-pqw7-c52c",
  "modified": "2025-12-09T18:30:45Z",
  "published": "2025-12-09T18:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57823"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-554"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-57823 (GCVE-0-2025-57823)

Vulnerability from cvelistv5

Published

2025-12-09 17:18

Modified

2025-12-09 20:43

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C

CWE

CWE-425 - Information disclosure

Summary

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-554

Impacted products

	Vendor	Product	Version
	Fortinet	FortiAuthenticator	Version: 6.6.0 ≤ 6.6.6 Version: 6.5.0 ≤ 6.5.6 Version: 6.4.0 ≤ 6.4.10 Version: 6.3.0 ≤ 6.3.4 cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:::::::* cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:::::::*

Show details on NVD website