CVE Catalog

CVE-2025-25250

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

36th percentile - higher than 36% of all known CVEs

Summary

In vulnerability CVE-2025-25250 in Fortinet FortiOS, an authenticated user can access full SSL-VPN settings via a crafted URL. This affects FortiOS versions 7.6.0, 7.4.0 through 7.4.7, as well as all versions of 7.2, 7.0, and 6.4, and FortiSASE 25.1.c.

Risk Assessment

This vulnerability may lead to the exposure of sensitive information, posing a risk to the organization's security. Allowing unauthorized access to SSL-VPN settings could result in serious data breaches.

Recommendation

It is recommended to update to the latest version of FortiOS to mitigate this vulnerability. Additionally, monitor access to SSL-VPN settings and implement further security measures.

Original NVD description (English source)

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiSASE 25.1.c may allow an authenticated user to access full SSL-VPN settings via crafted URL.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS