Exposure of Sensitive Information in FortiOS SSL-VPN Web-Mode
CVE-2025-25250

4.3MEDIUM

Key Information:

Vendor

Fortinet
Status
FortiOS
Vendor
CVE Published:
10 June 2025

What is CVE-2025-25250?

A vulnerability in FortiOS affects the SSL-VPN web-mode, allowing authenticated users to gain unauthorized access to full SSL-VPN settings via a crafted URL, potentially compromising sensitive information. This exposure raises significant security concerns, emphasizing the need for immediate updates and vigilance in protecting network infrastructure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiOS 7.6.0

FortiOS 7.4.0 <= 7.4.7

FortiOS 7.2.0 <= 7.2.11

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-257

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.