- Description
- An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortisase, fortios
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- psirt@fortinet.com
- CWE-200
- Hype score
- Not currently trending
FortiOS SSL-VPN の脆弱性 CVE-2025-25250 が FIX:情報漏えいの可能性 https://t.co/LJcArpISz3 この脆弱性 CVE-2025-25250 により、FortiOS SSL-VPN コンフィグへの不正アクセスが、認証済みユーザーに許されてしまうとのことです。
@iototsecnews
23 Jun 2025
69 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25250 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all ver… https://t.co/RcuR4c3gZs
@CVEnew
10 Jun 2025
225 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortisase:25.1.75:*:*:*:-:*:*:*",
"matchCriteriaId": "ABDA3F6A-4983-404C-BAEF-9D86C635E722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B680FFD-D548-4E53-877F-71E72C99E25E",
"versionEndExcluding": "7.4.8",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44CE8EE3-D64A-49C8-87D7-C18B302F864A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]