CVE-2025-54973

Name of the Vulnerable Software and Affected Versions Fortinet FortiAnalyzer versions 7.2.0 through 7.2.10 Fortinet FortiAnalyzer versions 7.4.0 through 7.4.6 Fortinet FortiAnalyzer versions 7.6.0 through 7.6.2 Fortinet FortiAnalyzer versions prior to 7.0.13

Description A race condition exists due to improper synchronization when handling shared resources. This allows an attacker to potentially bypass FortiCloud SSO authorization by sending specially crafted FortiCloud SSO requests during concurrent execution. The issue involves a flaw in how the system manages access control, potentially allowing unauthorized access.

Recommendations FortiAnalyzer versions 7.2.0 through 7.2.10 should be updated to a version later than 7.2.10. FortiAnalyzer versions 7.4.0 through 7.4.6 should be updated to a version later than 7.4.6. FortiAnalyzer versions 7.6.0 through 7.6.2 should be updated to a version later than 7.6.2. FortiAnalyzer versions prior to 7.0.13 should be updated to version 7.0.13 or later.