PT-2025-50125 · Fortinet · Fortios
Published: 2025-12-09 · Updated: 2025-12-10 · CVE-2025-62631
CVSS v3.1: 5.6 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 6.4, 7.0, 7.2, and 7.4.0
Description
An insufficient session expiration vulnerability exists in Fortinet FortiOS. Specifically, an active SSLVPN session may not terminate after a user’s password change under certain conditions. This could allow an attacker to maintain access to network resources.
Recommendations
Fortinet FortiOS version 7.4.1 or later should be used.
Fortinet FortiOS version 7.2.5 or later should be used.
Fortinet FortiOS version 7.0.10 or later should be used.
Fortinet FortiOS version 6.4.11 or later should be used.
Fix
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Fortios