CVE-2025-25248: 
FortiOS vulnerability analysis and mitigation

An Integer Overflow or Wraparound vulnerability (CVE-2025-25248) was discovered in FortiOS, FortiPAM, and FortiProxy SSL-VPN RDP and VNC bookmarks. The vulnerability was initially published on August 12, 2025, and affects multiple versions of these products. It has been assigned a medium severity rating with a CVSSv3 score of 4.8 (Fortiguard PSIRT).

The vulnerability is classified as an Integer Overflow or Wraparound vulnerability [CWE-190] that specifically affects the SSL-VPN bookmarks functionality in the affected products. The issue can be triggered through crafted requests by an authenticated user to the SSL-VPN service (Fortiguard PSIRT).

If successfully exploited, this vulnerability can affect the device SSL-VPN availability, potentially resulting in a denial of service condition for the SSL-VPN service (Fortiguard PSIRT).

Fortinet has released patches for affected versions. Users should upgrade to the following versions: FortiOS 7.6.3 or above (for 7.6.x), FortiOS 7.4.8 or above (for 7.4.x), FortiOS 7.2.11 or above (for 7.2.x), FortiPAM 1.5.1 or above (for 1.5.x), FortiPAM 1.4.3 or above (for 1.4.x), and FortiProxy 7.6.3 or above (for 7.6.x). Users of older versions should migrate to a fixed release. Fortinet provides an upgrade path tool at their documentation site for guidance (Fortiguard PSIRT).