CVE-2025-59923_CVE-2025-59923

2.6 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C

Description

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.4, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests.

Basic Information

ID CVE-2025-59923

Source fortinet

Published Dec 9, 2025 at 17:18

Affected Product

Vendor Fortinet

Product FortiAuthenticator

Version 6.6.0

Affected Versions Fortinet FortiAuthenticator 6.6.0
Fortinet FortiAuthenticator 6.5.0
Fortinet FortiAuthenticator 6.4.0

CWE Classification

CWE-284

References

fortiguard.fortinet.com /psirt/FG-IR-25-616

{
    "lastseen": "",
    "description": "An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.4, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests.",
    "published": "2025-12-09T17:18:45.658Z",
    "modified": "2025-12-09T17:18:45.658Z",
    "type": "cve",
    "title": "CVE-2025-59923",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-616",
    "id": "CVE-2025-59923",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiAuthenticator 6.6.0\nFortinet FortiAuthenticator 6.5.0\nFortinet FortiAuthenticator 6.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.6,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiAuthenticator",
    "version": "6.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}