Security News

Cybersecurity news aggregator

HIGH Vulnerabilities Fortinet PSIRT

SSRF via Report template and scheduling

A Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-59809, CVSSv3 4.1) in FortiSOAR allows authenticated attackers to discover services on local ports via crafted report templates and scheduling. Affected versions of FortiSOAR PaaS and on-premise are 7.3 all versions, 7.4 all versions, 7.5.0 through 7.5.2, 7.6.0 through 7.6.2, and 7.6.4. The solution is to upgrade to a fixed release (7.5.3, 7.6.3 or 7.6.5, depending on the installed version); for 7.3 and 7.4, migrate to a fixed release.

PSIRT

SSRF via Report template and scheduling

Summary

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in FortiSOAR may allow an authenticated attacker to discover services running on local ports via crafted requests.

Version                   Affected              Solution
FortiSOAR PaaS 7.6        7.6.4                 Upgrade to 7.6.5 or above
FortiSOAR PaaS 7.6        7.6.0 through 7.6.2   Upgrade to 7.6.3 or 7.6.5
FortiSOAR PaaS 7.5        7.5.0 through 7.5.2   Upgrade to 7.5.3 or above
FortiSOAR PaaS 7.4        7.4 all versions      Migrate to a fixed release
FortiSOAR PaaS 7.3        7.3 all versions      Migrate to a fixed release
FortiSOAR on-premise 7.6  7.6.4                 Upgrade to 7.6.5 or above
FortiSOAR on-premise 7.6  7.6.0 through 7.6.2   Upgrade to 7.6.3 or 7.6.5
FortiSOAR on-premise 7.5  7.5.0 through 7.5.2   Upgrade to 7.5.3 or above
FortiSOAR on-premise 7.4  7.4 all versions      Migrate to a fixed release
FortiSOAR on-premise 7.3  7.3 all versions      Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Shripal Rawal of Fortinet PSIRT team.

Timeline

2026-04-14: Initial publication

IR Number: FG-IR-26-103
Published Date: Apr 14, 2026
Component: GUI
Severity: Medium
Discovered: Internal
Attack Type: Authenticated
Known Exploited: No
CVSSv3 Score: 4.1
Impact: Information disclosure
CVE ID: CVE-2025-59809
