CVE-2025-54822 – An authenticated attacker can access static fil... (How to Fix)

Q: What is the severity of CVE-2025-54822?

CVE-2025-54822 has a CVSS score of 4.3 (MEDIUM). An authenticated attacker can access static files from other VDOMs (Virtual Domains) in affected Fortinet products by sending specially crafted HTTP/HTTPS requests. This improper authorization vulnerability affects FortiOS and FortiProxy across multiple versions, allowing cross-VDOM data leakage.

📋 TL;DR

An authenticated attacker can access static files from other VDOMs (Virtual Domains) in affected Fortinet products by sending specially crafted HTTP/HTTPS requests. This improper authorization vulnerability affects FortiOS and FortiProxy across multiple versions, allowing cross-VDOM data leakage.

💻 Affected Systems

Products:

Fortinet FortiOS
Fortinet FortiProxy

Versions: FortiOS 7.4.0-7.4.1, 7.2.0-7.2.8, 7.0.0-7.0.11; FortiProxy 7.4.0-7.4.8, 7.2 all, 7.0 all, 2.0 all

Operating Systems: FortiOS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires multi-VDOM configuration and authenticated attacker access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive configuration files, certificates, or other static data from other VDOMs could be exfiltrated, potentially enabling further attacks or exposing confidential information.

🟠

Likely Case

Limited data exposure from other VDOMs, potentially revealing configuration details or other non-critical static files.

🟢

If Mitigated

Minimal impact with proper VDOM segregation and access controls in place.

🌐 Internet-Facing: MEDIUM - Exploitation requires authentication, but internet-facing interfaces increase attack surface.

🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could access data across VDOM boundaries.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires valid authentication credentials and knowledge of VDOM structure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS 7.4.2, 7.2.9, 7.0.12; FortiProxy 7.4.9, 7.2.1, 7.0.1, 2.0.1

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-684

Restart Required: No

Instructions:

1. Download appropriate firmware version from Fortinet support portal. 2. Backup configuration. 3. Apply firmware update via web interface or CLI. 4. Verify successful upgrade.

🔧 Temporary Workarounds

Restrict VDOM Access

all

Implement strict access controls between VDOMs and limit authenticated user permissions.

config system admin
edit <admin_user>
set accprofile <restricted_profile>
end

🧯 If You Can't Patch

Implement network segmentation to isolate VDOM traffic.
Enable detailed logging and monitoring for cross-VDOM file access attempts.

🔍 How to Verify

Check if Vulnerable:

Check current version with 'get system status' and compare against affected versions.

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is patched with 'get system status' showing version >= FortiOS 7.4.2, 7.2.9, 7.0.12 or FortiProxy 7.4.9, 7.2.1, 7.0.1, 2.0.1.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP/HTTPS requests accessing static files across VDOM boundaries
Failed authorization attempts for cross-VDOM resources

Network Indicators:

HTTP requests with crafted parameters targeting static files
Unexpected file transfers between VDOMs

SIEM Query:

source="fortigate" AND (url="*static*" OR url="*file*") AND src_vdom!=dst_vdom

📊 Metadata

CVE ID: CVE-2025-54822

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-285

EPSS Score: 0.05% exploit probability (14.6th percentile)

Published: October 14, 2025

Last Updated: January 14, 2026

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-25-684 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-54822, you might also want to check these: