Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-25250
CVE-2025-25250:
FortiOS vulnerability analysis and mitigation
Overview
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability (CVE-2025-25250) was discovered in FortiOS SSL-VPN web-mode, affecting multiple FortiOS versions including 7.6.0, 7.4.7 and below, 7.2, 7.0, 6.4 (all versions), and FortiSASE version 25.1.c. The vulnerability was publicly disclosed on June 10, 2025, and has been assigned a CVSS v3.1 base score of 4.3 (Medium) (Wiz, Fortinet PSIRT).
Technical details
The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The flaw requires user authentication to exploit and allows authenticated users to access full SSL-VPN settings through specially crafted URLs (NVD, Wiz).
Impact
The vulnerability enables authenticated users to gain unauthorized access to complete SSL-VPN configuration settings, potentially exposing sensitive network topology information. While requiring authentication limits the immediate threat level, the exposure of comprehensive SSL-VPN settings presents significant privacy and security concerns, particularly in enterprise environments (Cybersecurity News).
Mitigation and workarounds
Fortinet has released fixes for all affected versions. Users should upgrade FortiOS 7.6.0 to version 7.6.1 or above, FortiOS 7.4.0 through 7.4.7 to version 7.4.8 or above. For FortiOS versions 7.2, 7.0, and 6.4 (all versions), users must migrate to a fixed release. FortiSASE users running version 25.1.c are automatically protected as the issue was remediated in version 25.2.a. Fortinet provides an upgrade tool at docs.fortinet.com/upgrade-tool to assist with the recommended upgrade path (Fortinet PSIRT).
Community reactions
Security experts emphasize that while the vulnerability has a relatively low severity rating, any unauthorized access to network configuration data represents a serious security concern, particularly in enterprise environments where SSL-VPN settings may contain sensitive network topology information (Cybersecurity News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management