CVE-2025-59810

Summary

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSOAR on-premise7.6.0 <= 7.6.2affected
FortinetFortiSOAR on-premise7.5.0 <= 7.5.1affected
FortinetFortiSOAR on-premise7.4.0 <= 7.4.5affected
FortinetFortiSOAR on-premise7.3.0 <= 7.3.3affected
FortinetFortiSOAR PaaS7.6.0 <= 7.6.2affected
FortinetFortiSOAR PaaS7.5.0 <= 7.5.1affected
FortinetFortiSOAR PaaS7.4.0 <= 7.4.5affected
FortinetFortiSOAR PaaS7.3.0 <= 7.3.3affected

Weaknesses

  • CWE-284: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References