PT-2025-41947 · Fortinet · Fortios
Published 2025-10-14 · Updated 2025-10-14
CVE-2025-25252
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.6.0 through 7.6.2
FortiOS versions 7.4.0 through 7.4.6
FortiOS versions 7.2.0 through 7.2.10
FortiOS versions 7.0.0 through 7.0.16
FortiOS version 6.4
Description
An insufficient session expiration issue exists in the FortiOS SSL VPN. A remote attacker, potentially a former administrator who still holds a user's SAML record, may be able to access or re-open that user's existing session by reusing the SAML record, because the session is not invalidated when it should be.
Recommendations
Update FortiOS to a version later than 7.6.2.
Update FortiOS to a version later than 7.4.6.
Update FortiOS to a version later than 7.2.10.
Update FortiOS to a version later than 7.0.16.
Update FortiOS to a version later than 6.4.
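As an added triage helper (not part of the advisory or of any Fortinet tooling), the following Python encodes the affected ranges listed above and checks an inventory of FortiOS builds against them; the hostnames and version strings used for the inventory are constructed.

```python
# Added example: map the affected ranges for CVE-2025-25252 onto an inventory check.
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges as stated in the advisory, inclusive at both ends.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((7, 6, 0), (7, 6, 2)),
    ((7, 4, 0), (7, 4, 6)),
    ((7, 2, 0), (7, 2, 10)),
    ((7, 0, 0), (7, 0, 16)),
]
# 6.4 is listed without a patch level, so every 6.4.x build is treated as affected.
AFFECTED_BRANCHES: List[Version] = [(6, 4)]


def parse_version(text: str) -> Optional[Version]:
    """Parse '7.4.6' or 'v7.2.10' into a tuple of ints; None if the string is malformed."""
    parts = text.strip().lower().lstrip("v").split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version_text: str) -> Optional[bool]:
    """True if the build is in an affected range, False if not, None if undecidable."""
    v = parse_version(version_text)
    if v is None:
        return None
    if len(v) == 2:
        # A bare branch such as '6.4' is decidable only for the branch-wide entry;
        # '7.4' without a patch level cannot be placed inside or outside 7.4.0-7.4.6.
        return True if v in AFFECTED_BRANCHES else None
    if v[:2] in AFFECTED_BRANCHES:
        return True
    # Tuple comparison orders (major, minor, patch) lexicographically, which is
    # what we want for inclusive range membership.
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, Optional[bool]]:
    """Return {hostname: verdict} for (hostname, version) pairs; None means 'review by hand'."""
    return {host: is_affected(ver) for host, ver in inventory}


if __name__ == "__main__":
    # Constructed inventory for illustration.
    sample = [("fw-edge-1", "7.4.6"), ("fw-edge-2", "7.4.7"), ("fw-lab", "6.4.15")]
    for host, verdict in triage(sample).items():
        print(host, "affected" if verdict else "not affected" if verdict is False else "unknown")
```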
Weakness Enumeration
Insufficient Session Expiration
Affected Products
FortiOS