7.2
CVE-2025-53744
- EPSS 0.57%
- Veröffentlicht 12.08.2025 18:59:22
- Zuletzt bearbeitet 09.06.2026 10:16:38
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.427 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
https://fortiguard.fortinet.com/psirt/FG-IR-25-173
https://cert-portal.siemens.com/productcert/html/ssa-864900.html