A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fortinet
  • Fortianalyzer

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade to FortiAnalyzer version 7.6.3 or above Upgrade to FortiAnalyzer version 7.4.7 or above Upgrade to FortiAnalyzer version 7.2.11 or above Upgrade to FortiAnalyzer version 7.0.14 or above

Workaround

No workaround given by the vendor.

References
Link Providers
https://fortiguard.fortinet.com/psirt/FG-IR-25-198 cve-icon cve-icon
History

Tue, 14 Oct 2025 15:45:00 +0000

Type Values Removed Values Added
Description A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.
First Time appeared Fortinet
Fortinet fortianalyzer
Weaknesses CWE-362
CPEs cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortianalyzer
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:X/RL:X/RC:C'}
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2025-10-14T15:23:03.723Z

Reserved: 2025-08-04T08:14:35.422Z

Link: CVE-2025-54973

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2025-10-14T16:15:39.703

Modified: 2025-10-14T19:36:29.240

Link: CVE-2025-54973

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.