Improper Channel Restriction in FortiOS by Fortinet
CVE-2025-22251

3LOW

Key Information:

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-22251?

An improper restriction of communication channel to intended endpoints vulnerability exists in FortiOS. This flaw permits an unauthenticated attacker to inject unauthorized sessions by manipulating FGSP session synchronization packets. The issue affects multiple versions of FortiOS, which may expose networks to significant security risks if not promptly addressed.

Affected Version(s)

FortiOS 7.6.0

FortiOS 7.4.0 <= 7.4.5

FortiOS 7.2.0 <= 7.2.11

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-287

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Jan 2, 2025