Cyber Web Spider Blog – News
FortiOS SSL-VPN Vulnerability Lets Attackers Access Full SSL-VPN Settings

Posted on June 10, 2025 By CWS

Fortinet has disclosed a new security vulnerability in the FortiOS SSL-VPN web mode that allows authenticated users to gain unauthorized access to the full SSL-VPN configuration settings through specially crafted URLs.

The vulnerability, designated CVE-2025-25250, was published today and affects multiple versions of the widely deployed network security platform.

The flaw is an "Exposure of Sensitive Information to an Unauthorized Actor" weakness, classified as CWE-200 in the Common Weakness Enumeration database.

Although exploitation requires user authentication, the issue is still a meaningful privacy and security concern: any authenticated SSL-VPN user can read the complete SSL-VPN configuration, which should be visible only to administrators.

The affected range of FortiOS versions is broad. FortiOS 6.4, 7.0 and 7.2 are affected in their entirety, and no patches are planned for those branches, so systems running them must be migrated to a fixed release.

More recent branches are affected only up to a specific release: FortiOS 7.4.0 through 7.4.7 must be upgraded to 7.4.8 or above, and FortiOS 7.6.0 must be upgraded to 7.6.1 or above.

FortiSASE version 25.1.c was also affected, but Fortinet has already fixed the issue in FortiSASE 25.2.a, so customers of the cloud-based service need take no action.
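As an added example (not code from this article or from Fortinet), the following Python encodes the affected-version ranges listed above into a checker that can be run over a device inventory. The `get system status` line format it parses and the sample inventory are constructed for illustration; the branch list itself comes straight from the advisory summary, and anything outside those branches is reported as unknown rather than guessed.

```python
"""Affected-version check for CVE-2025-25250 (FG-IR-24-257).

Ranges are taken from the advisory summary: 6.4 / 7.0 / 7.2 affected in full
(no fix, migrate); 7.4.0-7.4.7 affected, fixed in 7.4.8; 7.6.0 affected,
fixed in 7.6.1. Branches not listed are reported as "unknown".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical inventory (constructed sample, not real devices). Values mimic
# the "Version:" line of `get system status`; build/date fields are placeholders.
SAMPLE_INVENTORY: Dict[str, str] = {
    "fw-hq-01": "Version: FortiGate-100F v7.4.3,build0000,000000 (GA.F)",
    "fw-branch-02": "Version: FortiGate-60F v7.2.10,build0000,000000 (GA.M)",
    "fw-dc-03": "Version: FortiGate-600E v7.4.8,build0000,000000 (GA.M)",
    "fw-lab-04": "Version: FortiGate-40F v7.6.0,build0000,000000 (GA.F)",
}

# Branches with no fixed release on that branch at all.
UNFIXED_BRANCHES = {(6, 4), (7, 0), (7, 2)}
# Branches where a specific patch level fixes the issue: branch -> first fixed patch.
FIRST_FIXED_PATCH = {(7, 4): 8, (7, 6): 1}


@dataclass(frozen=True)
class Verdict:
    status: str   # "affected", "fixed" or "unknown"
    action: str   # what the operator should do


def parse_fortios_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a bare '7.4.3' or a full
    'Version: FortiGate-100F v7.4.3,build...' line (assumed format)."""
    m = re.search(r"\bv?(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def assess(version: str) -> Verdict:
    """Classify one FortiOS version against the advisory's ranges."""
    major, minor, patch = parse_fortios_version(version)
    branch = (major, minor)
    if branch in UNFIXED_BRANCHES:
        return Verdict("affected",
                       f"migrate off {major}.{minor}: no fixed release on this branch")
    if branch in FIRST_FIXED_PATCH:
        fixed = FIRST_FIXED_PATCH[branch]
        if patch < fixed:
            return Verdict("affected", f"upgrade to {major}.{minor}.{fixed} or above")
        return Verdict("fixed", f"{major}.{minor}.{fixed}+ contains the fix")
    # Not listed in the advisory summary: do not assume either way.
    return Verdict("unknown", "branch not listed in FG-IR-24-257 summary; check the advisory")


def scan_inventory(inventory: Dict[str, str]) -> List[Tuple[str, Verdict]]:
    """Return (hostname, verdict) for every device that is not confirmed fixed,
    so that 'unknown' devices surface alongside 'affected' ones."""
    findings = []
    for host, version_line in inventory.items():
        v = assess(version_line)
        if v.status != "fixed":
            findings.append((host, v))
    return findings


if __name__ == "__main__":
    for host, verdict in scan_inventory(SAMPLE_INVENTORY):
        print(f"{host:14} {verdict.status:9} {verdict.action}")
```

Running the block prints the three non-fixed hosts from the sample inventory with the corresponding action. The "unknown" state is deliberate: a branch the advisory does not mention (for example an end-of-life 6.2 device) should be flagged for a manual read of FG-IR-24-257, not silently treated as safe.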

Despite the information disclosure, Fortinet has rated the vulnerability low severity with a CVSSv3 score of 3.9. The low score reflects the fact that an attacker must already hold valid SSL-VPN credentials before the flaw can be exploited, which limits its immediate threat level.

Even so, unauthorized access to network configuration data should be treated as a serious concern, particularly in enterprise environments where SSL-VPN settings may reveal internal addressing, portal and policy details, and other network topology information useful for further attacks.

Fortinet strongly recommends that organizations running affected versions apply the prescribed upgrades promptly. The company provides an upgrade tool at docs.fortinet.com/upgrade-tool to help administrators follow the recommended upgrade path without skipping required intermediate releases.

The advisory is catalogued as IR Number FG-IR-24-257. Organizations should prioritize patching and review their SSL-VPN access controls so that only accounts that genuinely need web-mode access retain it during the transition period.

Security teams should also watch for unusual SSL-VPN access patterns and consider additional monitoring until upgrades are completed across all affected systems.
