CVE-2025-22251

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.4 through 7.6.0 FortiOS version 7.4.0 through 7.4.5

Description The issue is related to an improper restriction of communication channel to intended endpoints, which may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.

Recommendations For FortiOS versions 6.4 through 7.6.0, update to a version that includes the fix for this issue. For FortiOS version 7.4.0 through 7.4.5, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to FGSP session synchronization packets to minimize the risk of exploitation.