
CVE-2025-59808: Improper access control in Fortinet FortiSOAR on-premise

Severity: Medium
Published: Tue Dec 09 2025 (12/09/2025, 17:19:06 UTC)
Source: CVE Database V5
Vendor/Project: Fortinet
Product: FortiSOAR on-premise

Description

An unverified password change vulnerability [CWE-620] in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password.

AI-Powered Analysis

Last updated: 12/09/2025, 17:51:51 UTC

Technical Analysis

CVE-2025-59808 is an improper access control vulnerability identified in Fortinet's FortiSOAR on-premise and PaaS versions 7.3.0 through 7.6.2. The flaw allows an attacker who has already gained access to a user account with low privileges to reset the password of that account without providing the current password, effectively bypassing the normal authentication requirement for password changes. This vulnerability stems from insufficient verification mechanisms during the password reset process, categorized under CWE-620 (Unverified Password Change). The attack vector is network-based (AV:N), requires low privileges (PR:L), and no user interaction (UI:N), but has a high attack complexity (AC:H), indicating some conditions must be met for exploitation. The impact affects integrity and availability (I:H, A:H) but not confidentiality (C:N), meaning attackers can alter account credentials and potentially disrupt services but cannot directly access confidential data through this flaw. The vulnerability has an exploitability rating of high (E:H) and is officially published with a CVSS v3.1 score of 6.5, reflecting a medium severity level. No public exploits have been reported yet, but the vulnerability is significant due to FortiSOAR's role in security orchestration, automation, and response, which is critical for incident management workflows. The affected versions span multiple recent releases, indicating a broad exposure for organizations that have not updated to patched versions or applied mitigations.
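The CWE-620 pattern described above, as an added illustration that is not FortiSOAR's code: a password-change handler that trusts the logged-in session alone, beside a hardened version that re-verifies the current password and writes an audit record for every attempt (the in-memory user store, the sample credential and the audit log format are constructed for the example).

```python
"""Illustrative CWE-620 (Unverified Password Change) handler pair.
Not FortiSOAR code; the user store and audit log are constructed."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ROUNDS = 100_000  # assumption: any modern KDF setting will do here


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison so the check does not leak timing information."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


# Constructed sample user store: username -> (salt, pbkdf2 digest)
USERS = {"analyst": hash_password("Correct-Horse-42")}
# Constructed audit trail; a real deployment would ship this to the SIEM
AUDIT_LOG = []


def change_password_unverified(session_user: str, new_password: str) -> bool:
    """Vulnerable: a valid session is the only gate, so anyone holding the
    session (stolen token, unattended browser) can set a new password."""
    USERS[session_user] = hash_password(new_password)
    return True


def change_password_verified(session_user: str, current_password: str,
                             new_password: str) -> bool:
    """Hardened: require proof of the current password before accepting a
    new one, and record both outcomes so failed attempts can be alerted on."""
    salt, digest = USERS[session_user]
    ok = verify_password(current_password, salt, digest)
    AUDIT_LOG.append({"user": session_user, "event": "password_change",
                      "result": "success" if ok else "current_password_mismatch"})
    if not ok:
        return False
    USERS[session_user] = hash_password(new_password)
    return True
```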

Potential Impact

For European organizations, this vulnerability poses a risk to the integrity and availability of FortiSOAR-managed security operations. An attacker exploiting this flaw could hijack user accounts, escalate privileges, and disrupt automated incident response processes, potentially delaying or preventing effective threat mitigation. This could lead to increased exposure to other cyber threats, operational downtime, and loss of trust in security infrastructure. Organizations in sectors such as finance, energy, telecommunications, and government, which rely heavily on FortiSOAR for security orchestration, are particularly vulnerable. The inability to verify password changes undermines internal security controls and could facilitate insider threats or lateral movement by attackers who have compromised low-privilege accounts. While confidentiality is not directly impacted, the disruption to security workflows can indirectly lead to data breaches or compliance violations under regulations like GDPR if incidents are not properly managed.

Mitigation Recommendations

European organizations should immediately assess their FortiSOAR deployments to identify affected versions (7.3.0 through 7.6.2) and prioritize upgrading to patched releases once available from Fortinet. In the absence of patches, implement strict access control policies limiting user privileges to the minimum necessary and monitor account activities for unusual password reset attempts. Enforce multi-factor authentication (MFA) for all FortiSOAR user accounts to reduce the risk of account compromise. Regularly audit user accounts and permissions to detect and remove unauthorized access. Network segmentation should be applied to isolate FortiSOAR servers from less trusted network zones. Additionally, enable detailed logging and alerting on password change events to quickly identify potential exploitation attempts. Security teams should also review incident response procedures to handle potential account hijacking scenarios. Coordination with Fortinet support for timely updates and advisories is essential.


Technical Details

Data Version: 5.2
Assigner Short Name: fortinet
Date Reserved: 2025-09-22T08:19:21.055Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69385e4c74ebaa3baba1401e

Added to database: 12/9/2025, 5:37:16 PM

Last enriched: 12/9/2025, 5:51:51 PM

Last updated: 12/11/2025, 2:02:46 AM
