CVE-2025-54822 in FortiProxy
Summary
by MITRE • 10/14/2025
An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/15/2026
This vulnerability represents a critical authorization flaw that affects multiple Fortinet security products including FortiOS and FortiProxy versions across several release streams. The issue stems from improper access control mechanisms that fail to properly validate user permissions when processing requests for static files across virtual domains. An authenticated attacker with valid credentials can exploit this weakness to access sensitive static content belonging to other virtual domains within the same system, fundamentally undermining the isolation guarantees that VDOMs are designed to provide.
The technical implementation of this vulnerability involves the failure to properly enforce cross-domain access controls during HTTP or HTTPS request processing. When an attacker crafts malicious requests targeting static files, the system does not adequately verify whether the requesting user has legitimate access rights to the target VDOM's resources. This authorization bypass occurs because the system fails to implement proper VDOM context validation before serving static content, allowing unauthorized access to files that should remain isolated between different virtual domains. The vulnerability specifically impacts the static file serving functionality within the web interface components of these security appliances.
The operational impact of this vulnerability is significant as it enables attackers to potentially access sensitive configuration files, log data, and other static content that may contain confidential information about network infrastructure, user activities, or system configurations. This unauthorized access could lead to information disclosure that might reveal network topology, security policies, or other sensitive operational details that could be leveraged for further attacks. The vulnerability affects multiple product lines and versions, amplifying its potential impact across various Fortinet deployments and creating widespread exposure across different security infrastructure components.
Organizations affected by this vulnerability should prioritize immediate remediation through official Fortinet security patches and updates. The recommended mitigation strategy includes applying the latest firmware versions that address the authorization validation issues in the web interface components. Additionally, network administrators should implement additional monitoring and access control measures to detect unusual file access patterns that might indicate exploitation attempts. The vulnerability aligns with CWE-285 which specifically addresses improper authorization issues, and could potentially map to ATT&CK techniques related to privilege escalation and credential access through unauthorized data access.
Security teams should conduct comprehensive audits of their Fortinet deployments to identify all affected versions and ensure proper patch management procedures are in place. The vulnerability demonstrates the critical importance of maintaining proper isolation boundaries between virtual domains, particularly in enterprise security infrastructure where multiple tenants or business units may share the same physical appliance. Regular security assessments and penetration testing should be performed to verify that access control mechanisms are properly enforced across all system components. Organizations should also consider implementing network segmentation and additional logging controls to detect and prevent unauthorized access attempts to static content across virtual domains.