VYPR
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Jan 14, 2026

CVE-2025-59808

CVE-2025-59808

Description

An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    Range: 7.6.0
  • Fortinet/Fortisoarcpe-rescue2 versions
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*range: 7.6.0
    • (no CPE)range: >=7.3 <=7.6.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.