Main Vulnerability Database Vulnerabilities #VU111041

Information disclosure in FortiOS - CVE-2025-25250

Published: June 11, 2025

Vulnerability identifier: #VU111041

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-25250

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to exposure of sensitive information to an unauthorized actor on SSLVPN endpoint. An authenticated user can access full SSL-VPN settings via crafted URL.

How to mitigate CVE-2025-25250

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-24-257

Information disclosure in FortiOS - CVE-2025-25250

Detailed vulnerability description

How to mitigate CVE-2025-25250

Sources

Please verify you're human