CVE-2025-59923 is a security vulnerability identified in Fortinet's FortiAuthenticator product, specifically affecting versions 6.3.x through 6.6.6. The flaw stems from improper access control mechanisms within the product's administrative interface. An attacker who is authenticated with at least read-only administrative privileges can exploit this vulnerability by crafting specific requests that allow them to extract credentials associated with other administrators' messaging services. Messaging services credentials are sensitive as they may provide access to multi-factor authentication or alerting systems, potentially enabling further unauthorized access or reconnaissance. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N). The attack complexity is low (AC:L), but the attacker must already have high privileges (PR:H), meaning they need to be an authenticated admin with read-only rights. The vulnerability impacts confidentiality (C:L) but does not affect integrity or availability. The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component. The CVSS score is 2.6 (low severity), reflecting the limited scope and required privileges. No public exploits or active exploitation have been reported to date. Fortinet has not yet published patches, but organizations should anticipate updates and implement compensating controls in the interim.

For European organizations, the primary impact is the potential unauthorized disclosure of administrator messaging service credentials, which could facilitate lateral movement or privilege escalation within the network. While the vulnerability requires authenticated access with read-only admin rights, such access might be obtained through compromised credentials or insider threats. Organizations relying on FortiAuthenticator for identity and access management, especially those integrating messaging services for alerts or multi-factor authentication, could see increased risk of credential theft leading to broader security incidents. The impact on confidentiality could undermine trust in authentication systems and potentially expose sensitive internal communications. However, since the vulnerability does not affect system integrity or availability, direct disruption of services is unlikely. The low CVSS score suggests limited immediate risk, but the sensitivity of the credentials involved warrants attention, particularly in sectors with stringent compliance requirements such as finance, healthcare, and government.

1. Restrict administrative access strictly to trusted personnel and minimize the number of users with read-only admin privileges. 2. Implement strong authentication mechanisms for all administrators, including multi-factor authentication, to reduce the risk of credential compromise. 3. Monitor administrative access logs and alert on unusual or suspicious activity, especially attempts to access messaging service credentials. 4. Segregate duties so that read-only admin roles do not have access to sensitive credential information where possible. 5. Apply Fortinet patches promptly once released to remediate the vulnerability. 6. Conduct regular audits of FortiAuthenticator configurations and permissions to ensure adherence to the principle of least privilege. 7. Consider network segmentation to limit access to FortiAuthenticator management interfaces. 8. Educate administrators about the risks of credential exposure and encourage secure handling of credentials. 9. If immediate patching is not possible, implement compensating controls such as enhanced monitoring and temporary restriction of read-only admin capabilities related to messaging services.