CVE-2025-53744

medium Fortinet
CVSS v3 Base Score
6.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
EPSS Score
0.7%
Exploitation probability in 30 days
Top 28% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: August 12, 2025 (331 days ago)
Last Modified: June 9, 2026
Vendor: Fortinet
Source: MITRE

Description

An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager.

CWE

CWE-266

Affected Products

Fortinet FortiOS

References