CVE-2025-59808
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Fortinet, Inc.
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortisoar | 7.3 |
| fortinet | fortisoar | 7.5.1 |
| fortinet | fortisoar | 7.5.0 |
| fortinet | fortisoar | 7.6.1 |
| fortinet | fortisoar | 7.4 |
| fortinet | fortisoar | 7.6.0 |
| fortinet | fortisoar | From 7.3.0 (inc) to 7.5.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-620 | When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unverified password change issue in Fortinet FortiSOAR versions 7.3 through 7.6.2. It allows an attacker who already has access to a user's account to reset that user's password without needing to provide the current password, potentially enabling unauthorized credential changes.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with limited access to a user account to escalate their control by resetting the account password without verification. This can lead to unauthorized access, loss of account control, and potential disruption or compromise of the affected system.