Improper Authentication in FortiAnalyzer - CVE-2025-53845

Published: October 15, 2025


Vulnerability identifier: #VU117141
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-53845
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiAnalyzer

Detailed vulnerability description

The vulnerability allows a remote, unauthenticated attacker to obtain device health and status information or cause a denial of service.

The vulnerability exists due to improper authentication in the OFTP service (the log-transport service FortiGate devices use to send logs to FortiAnalyzer). An unauthenticated attacker can obtain information pertaining to the device's health and status, or cause a denial of service, via crafted OFTP requests.


How to mitigate CVE-2025-53845

Install the update from the vendor's website. Until the fix is applied, restrict access to the OFTP service to known FortiGate and log-source addresses, since the flaw is reachable by an unauthenticated remote attacker and no credentials are needed to trigger it.
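Because the weakness sits in front of authentication, the useful interim check is whether unexpected hosts are reaching the OFTP listener at all. The script below is an added example, not Fortinet's code and not part of the original advisory: it scans flow-log lines for TCP connections to the OFTP port from addresses outside an allowlist of known FortiGate log sources. The key=value log format and the allowlist are constructed for illustration, and the listener port (TCP/514, FortiAnalyzer's default for OFTP) is an assumption to verify against your own deployment.

```python
"""Flag OFTP connections to a FortiAnalyzer from hosts that are not known log sources.

Added example for CVE-2025-53845 triage; not Fortinet code. The log format,
the allowlist and the port are assumptions for illustration only.
"""
import ipaddress
import re

# Assumed: FortiAnalyzer's OFTP listener is on TCP/514 (verify on your device).
OFTP_PORT = 514

# Assumed: only these FortiGate management addresses should ever speak OFTP.
KNOWN_LOG_SOURCES = [
    ipaddress.ip_network("10.0.0.10/32"),
    ipaddress.ip_network("10.0.1.0/24"),
]

# Constructed flow records in a simple key=value form (not a real Fortinet log format).
SAMPLE_LOGS = """\
ts=2025-10-16T08:00:01Z src=10.0.0.10 dst=10.0.0.5 dport=514 proto=tcp action=accept
ts=2025-10-16T08:00:02Z src=203.0.113.7 dst=10.0.0.5 dport=514 proto=tcp action=accept
ts=2025-10-16T08:00:03Z src=203.0.113.7 dst=10.0.0.5 dport=514 proto=tcp action=accept
ts=2025-10-16T08:00:04Z src=10.0.1.22 dst=10.0.0.5 dport=443 proto=tcp action=accept
ts=2025-10-16T08:00:05Z src=198.51.100.9 dst=10.0.0.5 dport=514 proto=udp action=accept
"""

# Pulls the source address, destination port and protocol out of one record.
LINE_RE = re.compile(r"src=(?P<src>\S+) .*?dport=(?P<dport>\d+) proto=(?P<proto>\w+)")


def is_known_source(ip_str, allow):
    """True if ip_str falls inside any network in the allowlist."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in allow)


def find_unexpected_oftp_sources(log_text, allow=KNOWN_LOG_SOURCES, port=OFTP_PORT):
    """Return {src_ip: hit_count} for TCP connections to the OFTP port from
    addresses outside the allowlist.

    Only TCP is counted: UDP/514 is plain syslog, a different service, and
    would otherwise produce false positives on a log collector.
    """
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed or unrelated record
        if m["proto"].lower() != "tcp" or int(m["dport"]) != port:
            continue
        src = m["src"]
        if not is_known_source(src, allow):
            hits[src] = hits.get(src, 0) + 1
    return hits


if __name__ == "__main__":
    for src, count in find_unexpected_oftp_sources(SAMPLE_LOGS).items():
        print(f"unexpected OFTP source {src}: {count} connection(s)")
```

On the constructed input only 203.0.113.7 is reported: 10.0.0.10 and 10.0.1.22 are allowlisted or not talking to the OFTP port, and 198.51.100.9 is UDP syslog rather than OFTP. Any address this turns up on a real collector is a candidate for a perimeter block until the vendor update is installed.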

Sources