Improper Access Control Vulnerability in Fortinet FortiAuthenticator
CVE-2025-59923

2.6LOW

Key Information:

Vendor: Fortinet
Status: Fortiauthenticator
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-59923?

An improper access control vulnerability has been identified in Fortinet FortiAuthenticator across several versions. This flaw enables an authenticated attacker with read-only admin privileges to exploit crafted requests to gain unauthorized access to the credentials of other administrators' messaging services. If not addressed, this vulnerability poses a significant risk to the security posture of organizations relying on FortiAuthenticator for authentication services.

Affected Version(s)

FortiAuthenticator 6.6.0 <= 6.6.6

FortiAuthenticator 6.5.0 <= 6.5.6

FortiAuthenticator 6.4.0 <= 6.4.10

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-616

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Sep 23, 2025

JSON