CVE-2025-25248

Published Aug 12, 2025

Last updated 9 months ago

CVSS medium 5.3

Overview

Description: An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests.
Source: psirt@fortinet.com
NVD status: Analyzed
Products: fortios, fortipam, fortiproxy

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

psirt@fortinet.com: CWE-190

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "753664B2-3AE8-499A-9C8A-B7D928439697",
            "versionEndExcluding": "7.2.11",
            "versionStartIncluding": "6.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "26515743-5A9A-4885-A08E-535E4ABE0153",
            "versionEndExcluding": "7.4.8",
            "versionStartIncluding": "7.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D6B883B9-9ECD-4BC5-B497-770F34F92473",
            "versionEndExcluding": "7.6.3",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6C39FBB2-E81C-4207-AFDD-080EC80F00A3",
            "versionEndExcluding": "1.4.3",
            "versionStartIncluding": "1.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "0401C6C0-DC87-4728-873E-6DA489C859A8",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "85275281-B082-4A93-9794-7625F8C205C3",
            "versionEndExcluding": "7.4.4",
            "versionStartIncluding": "2.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "50E93879-C162-4280-9687-89A4ADBB7287",
            "versionEndExcluding": "7.6.3",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References