PT-2025-32884 · Fortinet · FortiOS Security Fabric
Published: 2025-08-12 · Updated: 2025-08-15 · CVE-2025-53744
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
FortiOS Security Fabric 6.4, all versions
FortiOS Security Fabric 7.0, all versions
FortiOS Security Fabric 7.2, all versions
FortiOS Security Fabric 7.4.0 through 7.4.7
FortiOS Security Fabric 7.6.0 through 7.6.2
Description:
An incorrect privilege assignment vulnerability may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin by registering the device to a malicious FortiManager.
Recommendations:
For 6.4 (all versions), update to a newer version that contains a fix for this vulnerability.
For 7.0 (all versions), update to a newer version that contains a fix for this vulnerability.
For 7.2 (all versions), update to a newer version that contains a fix for this vulnerability.
For 7.4.0 through 7.4.7, update to a newer version that contains a fix for this vulnerability.
For 7.6.0 through 7.6.2, update to a newer version that contains a fix for this vulnerability.
Fix
Incorrect Privilege Assignment
Affected Products:
FortiOS Security Fabric