Race Condition Vulnerability in Fortinet FortiAnalyzer Products
CVE-2025-54973

5.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortianalyzer
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-54973?

A vulnerability in Fortinet FortiAnalyzer products allows an attacker to exploit improper synchronization in concurrent executions. By sending crafted requests, an attacker could potentially bypass FortiCloud SSO authorization, compromising authentication mechanisms. The vulnerability affects multiple versions of FortiAnalyzer, necessitating users to update as per the latest security advisory.

Affected Version(s)

FortiAnalyzer 7.6.0 <= 7.6.2

FortiAnalyzer 7.4.0 <= 7.4.6

FortiAnalyzer 7.2.0 <= 7.2.10

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-198

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Aug 4, 2025

JSON