Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability Allowing Access to Static Files in Other VDOMs

Vulnerability

An improper authorization vulnerability has been identified in Fortinet FortiOS versions 7.4.0 through 7.4.1 and versions prior to 7.2.8, as well as in Fortinet FortiProxy versions prior to 7.4.8. It allows an authenticated attacker to access static files from other VDOMs by sending crafted HTTP or HTTPS requests.

Impact

Exploitation of this vulnerability could lead to unauthorized access to static files in other VDOMs, potentially allowing for the disclosure of sensitive information.

Remediation

Users of Fortinet FortiOS should upgrade to version 7.4.2 or 7.2.9, depending on their current version. Fortinet FortiProxy users should upgrade to version 7.4.9 or migrate to a fixed release, depending on their current version. A virtual patch is also available for Fortinet FortiOS users.

Added: Oct 14, 2025, 4:24 PM
Updated: Oct 14, 2025, 11:04 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.