Main Vulnerability Database Vulnerabilities #VU117210

#VU117210 Race condition in FortiAnalyzer - CVE-2025-54973

Published: October 15, 2025

Vulnerability identifier: #VU117210

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-54973

CWE-ID: CWE-362

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiAnalyzer

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') in FortiCloud SSO SAML authentication. An attacker can attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-25-198

#VU117210 Race condition in FortiAnalyzer - CVE-2025-54973

Description

Remediation

External links

Please verify you're human