PT-2025-41958 · Fortinet · FortiOS+1

Published 2025-10-14 · Updated 2025-10-15 · CVE-2025-54822

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 7.4.0 through 7.4.1 and versions prior to 7.2.8
Fortinet FortiProxy versions prior to 7.4.8

Description

An improper authorization issue exists that allows an authenticated attacker to access static files of other Virtual Domain (VDOM) instances by sending specially crafted HTTP or HTTPS requests. The issue is related to authorization controls.

Recommendations

Fortinet FortiOS versions 7.4.0 through 7.4.1 should be updated.
Fortinet FortiOS versions prior to 7.2.8 should be updated.
Fortinet FortiProxy versions prior to 7.4.8 should be updated.

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-14855
CVE-2025-54822

Affected Products

FortiOS
FortiProxy