PT-2025-24717 · Fortinet · FortiOS
Published: 2025-06-10 · Updated: 2025-07-22 · CVE-2025-25250
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiOS versions 6.4 and earlier
FortiOS versions 7.0 and earlier
FortiOS versions 7.2 and earlier
FortiOS versions 7.4.7 and earlier
FortiOS version 7.6.0
Description
The issue allows an authenticated user to access full SSL-VPN settings via a crafted URL, potentially exposing sensitive information to unauthorized actors.
Recommendations
For FortiOS version 7.6.0, update to a version that fixes the Exposure of Sensitive Information to an Unauthorized Actor issue.
For FortiOS versions 7.4.7 and earlier, update to a version that fixes the Exposure of Sensitive Information to an Unauthorized Actor issue.
For FortiOS versions 7.2 and earlier, update to a version that fixes the Exposure of Sensitive Information to an Unauthorized Actor issue.
For FortiOS versions 7.0 and earlier, update to a version that fixes the Exposure of Sensitive Information to an Unauthorized Actor issue.
For FortiOS versions 6.4 and earlier, update to a version that fixes the Exposure of Sensitive Information to an Unauthorized Actor issue.
Fix
Information Disclosure
Affected Products
FortiOS