Improper Access Control in Fortinet FortiSOAR PaaS and On-Premise Solutions
CVE-2025-59810

6.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisoar On-premise; Fortisoar Paas
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-59810?

An improper access control vulnerability exists within Fortinet's FortiSOAR platforms, both PaaS and on-premise versions, across several releases. This vulnerability may enable an authenticated attacker to disclose sensitive information through the use of specially crafted requests, posing a significant risk to users' data integrity.

Affected Version(s)

FortiSOAR on-premise 7.6.0 <= 7.6.2

FortiSOAR on-premise 7.5.0 <= 7.5.1

FortiSOAR on-premise 7.4.0 <= 7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-601

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Sep 22, 2025

JSON