CVE-2025-25250
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk36th percentile - higher than 36% of all known CVEs
Summary
In vulnerability CVE-2025-25250 in Fortinet FortiOS, an authenticated user can access full SSL-VPN settings via a crafted URL. This affects FortiOS versions 7.6.0, 7.4.0 through 7.4.7, as well as all versions of 7.2, 7.0, and 6.4, and FortiSASE 25.1.c.
Risk Assessment
This vulnerability may lead to the exposure of sensitive information, posing a risk to the organization's security. Allowing unauthorized access to SSL-VPN settings could result in serious data breaches.
Recommendation
It is recommended to update to the latest version of FortiOS to mitigate this vulnerability. Additionally, monitor access to SSL-VPN settings and implement further security measures.
Original NVD description (English source)
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiSASE 25.1.c may allow an authenticated user to access full SSL-VPN settings via crafted URL.

