Improper Authentication Vulnerability in Fortinet FortiAnalyzer
CVE-2025-53845

6.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortianalyzer
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-53845?

An improper authentication vulnerability in Fortinet FortiAnalyzer versions 7.6.0 through 7.6.3 and before 7.4.6 enables an unauthenticated attacker to access sensitive information related to the device's health and operational status. Additionally, crafted OFTP requests may be leveraged to induce a denial of service condition, adversely affecting the functionality and availability of the device.

Affected Version(s)

FortiAnalyzer 7.6.0 <= 7.6.3

FortiAnalyzer 7.4.0 <= 7.4.6

FortiAnalyzer 7.2.0 <= 7.2.11

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-378

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Jul 10, 2025

JSON