CVE-2025-53379 PUBLISHED

Assigner: fortinet
Reserved: 27.06.2025 Published: 14.07.2026 Updated: 14.07.2026

A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
CVSS Score: 7

Product Status

Vendor Fortinet
Product FortiAuthenticator
Versions Default: unaffected
  • affected from 6.6.0 to 6.6.2 (incl.)
  • affected from 6.5.0 to 6.5.7 (incl.)
  • affected from 6.4.0 to 6.4.11 (incl.)
  • affected from 6.3.0 to 6.3.5 (incl.)

Solutions

Upgrade to FortiAuthenticator version 6.6.3 or above

References

Problem Types

  • Information disclosure CWE