SecuriTricks - CVE-2025-54973

Description

A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.

Product(s) Impacted

Vendor	Product	Versions
Fortinet	Fortianalyzer	7.6.0-7.6.2, 7.4.0-7.4.6, 7.2.0-7.2.10, <7.0.13

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	fortinet	fortianalyzer	7.6.0-7.6.2	/	/	/	/	/	/	/
a	fortinet	fortianalyzer	7.4.0-7.4.6	/	/	/	/	/	/	/
a	fortinet	fortianalyzer	7.2.0-7.2.10	/	/	/	/	/	/	/
a	fortinet	fortianalyzer	<7.0.13	/	/	/	/	/	/	/

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-198

CVSS Score

5.3 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

View Vector String

Timeline

Published: Oct. 14, 2025, 4:15 p.m.
Last Modified: Oct. 14, 2025, 7:36 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@fortinet.com

CVE-2025-54973