CVE-2025-53845
Severity: MEDIUM
WAF coverage: Low
CVSS: 6.5
Published: 2025-10-14
CWE-287
An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer versions 7.6.0 through 7.6.3 and versions before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or to cause a denial of service, via crafted OFTP requests.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortianalyzer | 6.4.0 - 7.4.7 |
| fortinet | fortianalyzer | 7.6.0 - 7.6.4 |
References
- fortiguard.fortinet.com (Vendor Advisory)