{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59809", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-09-22T08:19:21.055Z", "datePublished": "2026-04-14T15:38:15.104Z", "dateUpdated": "2026-04-14T16:46:16.247Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSOAR on-premise", "cpes": ["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.6.4", "status": "affected"}, {"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.2", "status": "affected"}, {"versionType": "semver", "version": "7.5.0", "lessThanOrEqual": "7.5.2", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.5", "status": "affected"}, {"versionType": "semver", "version": "7.3.0", "lessThanOrEqual": "7.3.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSOAR PaaS", "cpes": ["cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.6.4", "status": "affected"}, {"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.2", "status": "affected"}, {"versionType": "semver", "version": "7.5.0", "lessThanOrEqual": "7.5.2", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.5", "status": "affected"}, {"versionType": "semver", "version": "7.3.0", "lessThanOrEqual": "7.3.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:15.104Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59809", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:34:45.731183Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:46:16.247Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59809", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T16:34:45.731183Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:37:22.845Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSOAR on-premise", "versions": [{"status": "affected", "version": "7.6.4"}, {"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.2"}, {"status": "affected", "version": "7.5.0", "versionType": "semver", "lessThanOrEqual": "7.5.2"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.5"}, {"status": "affected", "version": "7.3.0", "versionType": "semver", "lessThanOrEqual": "7.3.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSOAR PaaS", "versions": [{"status": "affected", "version": "7.6.4"}, {"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.2"}, {"status": "affected", "version": "7.5.0", "versionType": "semver", "lessThanOrEqual": "7.5.2"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.5"}, {"status": "affected", "version": "7.3.0", "versionType": "semver", "lessThanOrEqual": "7.3.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103"}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:15.104Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59809", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:46:16.247Z", "dateReserved": "2025-09-22T08:19:21.055Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T15:38:15.104Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests."}], "id": "CVE-2025-59809", "lastModified": "2026-04-14T16:16:31.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:31.103", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.0,7.6.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.5.0,7.5.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.0,7.4.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.3.0,7.3.3]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "FortiSOAR on-premise", "source": "cna", "vendor": "Fortinet"}, "product": "fortisoaron-premise", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.0,7.6.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.5.0,7.5.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.0,7.4.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.3.0,7.3.3]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "FortiSOAR PaaS", "source": "cna", "vendor": "Fortinet"}, "product": "fortisoarpaas", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-14T17:42:10.357856+00:00", "value": {"mitigation_remediation": ["Upgrade FortiSOAR to a version that remediates the SSRF vulnerability. For on\u2011premise deployments, apply version 7.6.5 or later. For PaaS, apply version 7.6.5 or later.", "After upgrading, test that internal port requests made via FortiSOAR are rejected or blocked to confirm the vulnerability is closed.", "Continuously monitor authentication sessions and system logs for any attempted SSRF activity and enforce network segmentation to limit internal side\u2011channel access."], "summary": {"action": "Patch immediately", "impact": "Unauthorized internal service discovery via SSRF"}, "threat_synthesis": {"affected_systems": "Affected products include FortiSOAR on\u2011premise versions 7.3.x through 7.6.4, and FortiSOAR PaaS versions 7.3.x through 7.6.4. All sub\u2011versions listed in the CNA CPE data are impacted. Both on\u2011premise and PaaS deployments must be addressed.", "description_and_impact": "Fortinet FortiSOAR PaaS and on\u2011premise versions contain a server\u2011side request forgery (SSRF) flaw (CWE\u2011918). An authenticated attacker can send crafted requests that cause FortiSOAR to reach internal ports, allowing discovery of services running on the local host. The primary impact is that an attacker gains visibility into the internal network and can use this information for lateral movement or other attacks.", "risk_and_exploitability": "The CVSS score is 4.1, indicating moderate severity. No EPSS data is available and the vulnerability is not listed in the KEV catalog. Exploitation requires valid authentication and crafted requests, so the likelihood is moderate but limited to users with access. The risk is primarily the exposure of internal services, and remediation is advised promptly."}}}}, "created": "2026-04-15T14:41:09.660219+00:00", "title": "Authenticated SSRF Allows Discovery of Internal Services in FortiSOAR", "updated": "2026-04-15T15:30:06.821775+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortisoaron-premise", "fortinet$PRODUCT$fortisoarpaas"]}