vulnerability

Fortinet FortiAnalyzer: Server-Side Request Forgery (SSRF) (CVE-2023-25609)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Jun 13, 2023	Jun 19, 2023	Aug 1, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Jun 13, 2023

Added

Jun 19, 2023

Modified

Aug 1, 2025

Description

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.

Solution

fortinet-fortianalyzer-upgrade-latest

References

CVE-2023-25609
https://attackerkb.com/topics/CVE-2023-25609
URL-https://fortiguard.com/psirt/FG-IR-22-493

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today