Improper Channel Restriction in FortiOS by Fortinet
CVE-2025-22251
3 LOW
What is CVE-2025-22251?
FortiOS contains an improper restriction of communication channel to intended endpoints vulnerability. The flaw lets an unauthenticated attacker inject unauthorized sessions by manipulating FGSP session synchronization packets. The issue affects multiple versions of FortiOS and may expose networks to significant security risks if not promptly addressed.
Affected Version(s)
FortiOS 7.6.0
FortiOS 7.4.0 through 7.4.5
FortiOS 7.2.0 through 7.2.11