Main Vulnerability Database Vulnerabilities #VU117210

Race condition in FortiAnalyzer - CVE-2025-54973

Published: October 15, 2025

Vulnerability identifier: #VU117210

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-54973

CWE-ID: CWE-362

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiAnalyzer

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') in FortiCloud SSO SAML authentication. An attacker can attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.

How to mitigate CVE-2025-54973

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-25-198

Race condition in FortiAnalyzer - CVE-2025-54973

Detailed vulnerability description

How to mitigate CVE-2025-54973

Sources

Please verify you're human