CVE-2025-25250
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-10

Last updated on: 2025-07-22

Assigner: Fortinet, Inc.

Description
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-10
Last Modified
2025-07-22
Generated
2026-05-07
AI Q&A
2025-06-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-25250
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
fortinet fortios From 7.4.0 (inc) to 7.4.9 (inc)
fortinet fortisase 25.1.75
fortinet fortios 7.6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Exposure of Sensitive Information to an Unauthorized Actor in FortiOS SSL-VPN web-mode. It affects multiple versions of FortiOS (7.6.0, 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions). An authenticated user can exploit this by using a crafted URL to access the full SSL-VPN settings, which they should not normally be able to see.


How can this vulnerability impact me? :

The vulnerability allows an authenticated user to access sensitive SSL-VPN configuration settings that they are not authorized to view. This could lead to unauthorized disclosure of sensitive information, potentially enabling further attacks or misuse of the VPN settings.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart