IronMonkey Threat Research

CVE-2025-53744 HIGH

Published: 2025-08-12 | Last Modified: 2026-06-09 | Status: Modified

Description

An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, all 7.2 versions, all 7.0 versions and all 6.4 versions may allow a remote, authenticated attacker who already holds high privileges to escalate to super-admin by registering the device to a malicious FortiManager. Note the precondition: the attacker needs an existing high-privilege administrator account on the FortiGate (PR:H in the vector below); the escalation comes from the trust the device places in the FortiManager it is registered to.

Additional Descriptions (1)

(Spanish, translated) An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, all 7.2 versions, all 7.0 versions and all 6.4 versions may allow a remote authenticated attacker with elevated privileges to escalate their privileges to super-administrator by registering the device to a malicious FortiManager.
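The advisory gives the affected ranges only in prose, and the CPE entries further down are wildcarded, so an inventory match on CPE alone would flag every FortiOS build. The following is an added example, not code from the advisory or from Fortinet: it encodes the version ranges stated in the description, decides whether a given FortiOS version is in scope, and audits a `config system central-management` block for a FortiManager address that is not on an expected list (the attack path is registration to an attacker-controlled FortiManager). The CLI keywords `set type fortimanager` and `set fmg` are assumed from the FortiOS CLI, and the sample block, addresses and allowlist are constructed for illustration.

```python
"""Affected-version check and central-management audit for CVE-2025-53744.

Added example, not part of the advisory. Version ranges come from the
advisory description; the config snippet and addresses are constructed.
"""
import re
from typing import List, Optional, Set, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as the description states them, inclusive on both
# ends. upper=None means every release on that major.minor branch.
AFFECTED_RANGES = [
    ((7, 6, 0), (7, 6, 2)),
    ((7, 4, 0), (7, 4, 7)),
    ((7, 2, 0), None),   # 7.2 all versions
    ((7, 0, 0), None),   # 7.0 all versions
    ((6, 4, 0), None),   # 6.4 all versions
]


def parse_version(text: str) -> Version:
    """'7.4.7' or 'v7.4.7,build2731' -> (7, 4, 7). Raises ValueError on junk."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the FortiOS version falls inside a range from the description."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if upper is None:
            # Whole branch affected: match on major.minor only.
            if v[:2] == lower[:2]:
                return True
        elif lower <= v <= upper:
            return True
    return False


# Constructed sample of a FortiOS central-management block (assumed CLI
# syntax; the addresses are documentation-range placeholders).
SAMPLE_CONFIG = """\
config system central-management
    set type fortimanager
    set fmg "203.0.113.45"
    set fmg-source-ip 198.51.100.7
end
"""


def configured_fortimanager(config_text: str) -> Optional[str]:
    """Return the FortiManager address set in the central-management block, or None."""
    in_block = False
    for line in config_text.splitlines():
        s = line.strip()
        if s.startswith("config system central-management"):
            in_block = True
        elif in_block and s == "end":
            break
        elif in_block:
            # 'set fmg "addr"' but not 'set fmg-source-ip ...'
            m = re.match(r'set fmg\s+"?([^"\s]+)"?', s)
            if m:
                return m.group(1)
    return None


def audit(version: str, config_text: str, expected_fmg: Set[str]) -> List[str]:
    """Findings for one device: affected build, and/or unexpected FortiManager."""
    findings = []
    if is_affected(version):
        findings.append(f"FortiOS {version} is in an affected range for CVE-2025-53744")
    fmg = configured_fortimanager(config_text)
    if fmg is not None and fmg not in expected_fmg:
        findings.append(f"device registered to unexpected FortiManager {fmg}")
    return findings


if __name__ == "__main__":
    for finding in audit("v7.4.3,build2573", SAMPLE_CONFIG, {"198.51.100.20"}):
        print(finding)
```

The version check is the part to reuse: feed it the `system status` version string from each FortiGate and only the builds inside the stated ranges are reported. The FortiManager allowlist check is a compensating control rather than a fix; upgrading out of the affected ranges is the remediation.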

CVSS Metrics

Base Score: 7.2 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 1.2

Impact Score: 5.9

Weaknesses

Source: [email protected]
Type: Secondary
Description: CWE-266 (Incorrect Privilege Assignment), language: en

Affected Products

Vendor: fortinet
Product: fortios
Version: * (the Update field did not render; the affected builds are the version ranges listed in the description above)
Type: Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

The two configuration entries render identically because their version bounds are not shown; the wildcard CPE matches every FortiOS build, so apply the ranges from the description (7.6.0 through 7.6.2, 7.4.0 through 7.4.7, all of 7.2, 7.0 and 6.4) when matching inventory.