- Description
- An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.
- Source
- psirt@fortinet.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- psirt@fortinet.com
- CWE-200
- Hype score
- Not currently trending
FortiOS SSL-VPN の脆弱性 CVE-2025-25250 が FIX:情報漏えいの可能性 https://t.co/LJcArpISz3 この脆弱性 CVE-2025-25250 により、FortiOS SSL-VPN コンフィグへの不正アクセスが、認証済みユーザーに許されてしまうとのことです。
@iototsecnews
23 Jun 2025
69 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25250 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all ver… https://t.co/RcuR4c3gZs
@CVEnew
10 Jun 2025
225 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes