Main Vulnerability Database Vulnerabilities #VU119451

#VU119451 Direct Request ('Forced Browsing') in FortiAuthenticator - CVE-2025-57823

Published: December 9, 2025

Vulnerability identifier: #VU119451

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-57823

CWE-ID: CWE-425

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiAuthenticator

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to direct request ('forced browsing') on log access. An authenticated attacker with at least sponsor permissions can read and download device logs via accessing specific endpoints.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-25-554

#VU119451 Direct Request ('Forced Browsing') in FortiAuthenticator - CVE-2025-57823

Description

Remediation

External links

Please verify you're human