Improper restriction of communication channel to intended endpoints in FortiOS - CVE-2025-22251

Published: June 11, 2025
Vulnerability identifier: #VU111047
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-22251
CWE-ID: CWE-923
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Fortinet, Inc.
Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote, unauthenticated attacker to manipulate data.

The vulnerability exists due to improper restriction of the communication channel to its intended endpoints in FGSP (FortiGate Session Life Support Protocol), the mechanism FortiOS uses to synchronize session tables between FortiGate units. An unauthenticated attacker who can reach the FGSP synchronization channel can inject unauthorized sessions via crafted FGSP session synchronization packets.
How to mitigate CVE-2025-22251

Install the update from the vendor's website.
