Vulnerability Details CVE-2025-54838
An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 6.8
Products affected by CVE-2025-54838
-
cpe:2.3:a:fortinet:fortiportal:7.4.0
-
cpe:2.3:a:fortinet:fortiportal:7.4.1
-
cpe:2.3:a:fortinet:fortiportal:7.4.2
-
cpe:2.3:a:fortinet:fortiportal:7.4.3
-
cpe:2.3:a:fortinet:fortiportal:7.4.4
-
cpe:2.3:a:fortinet:fortiportal:7.4.5