#VU117141 Improper Authentication in FortiAnalyzer - CVE-2025-53845

 


Published: October 15, 2025


Vulnerability identifier: #VU117141
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-53845
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
FortiAnalyzer
Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to read memory contents or crash the application.

The vulnerability exists due to improper authentication in the OFTP service. An unauthenticated attacker can obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests.


Remediation

Install the update from the vendor's website.

External links