Improper Channel Restriction in FortiOS by Fortinet
CVE-2025-22251

3 LOW

Key Information:

Vendor: Fortinet

Status
Vendor
CVE Published: 10 June 2025

What is CVE-2025-22251?

FortiOS contains an improper restriction of communication channel to intended endpoints vulnerability. The flaw permits an unauthenticated attacker to inject unauthorized sessions by manipulating FGSP (FortiGate Session Life Support Protocol) session synchronization packets. The issue affects multiple versions of FortiOS and may expose networks to security risk if not promptly addressed.

Affected Version(s)

  • FortiOS 7.6.0

  • FortiOS 7.4.0 through 7.4.5

  • FortiOS 7.2.0 through 7.2.11

CVSS V3.1

Score: 3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
