CVE-2025-25248

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.6.3 FortiProxy versions prior to 7.6.3 FortiPAM versions prior to 1.5.1

Description: An Integer Overflow or Wraparound vulnerability [CWE-190] may allow an authenticated user to affect the device’s SSL-VPN availability via crafted requests. This vulnerability affects SSL-VPN RDP and VNC bookmarks.

Recommendations: FortiOS: Update to version 7.6.3 or later. FortiProxy: Update to version 7.6.3 or later. FortiPAM: Update to version 1.5.1 or later.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2025-09923

CVE-2025-25248

Affected Products

Fortios

Fortipam

Fortiproxy

CVE-2025-25248

Weakness Enumeration

Related Identifiers

Affected Products

References · 8