#VU111047 Improper restriction of communication channel to intended endpoints in FortiOS - CVE-2025-22251

Published: June 11, 2025


Vulnerability identifier: #VU111047
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-22251
CWE-ID: CWE-923
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
FortiOS
Software vendor:
Fortinet, Inc

Description

The vulnerability allows an unauthenticated attacker on an adjacent network to manipulate data.

The vulnerability exists due to improper restriction of the communication channel to its intended endpoints (CWE-923) in the FortiGate Session Life Support Protocol (FGSP). Because session synchronization traffic is not sufficiently bound to the configured cluster peers, an unauthenticated attacker who can reach the synchronization channel can inject unauthorized sessions via crafted FGSP session synchronization packets. The CVSS vector reflects this: adjacent-network access (AV:A) with attack prerequisites (AT:P), low integrity impact (VI:L), and no confidentiality or availability impact.
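The defensive counterpart of CWE-923 is to treat session-sync traffic as legitimate only when it arrives from a configured peer on the dedicated synchronization interface, and to alert on anything else. The following is an added example, not FortiOS code or part of the advisory: it audits constructed flow-log lines for FGSP-style session-sync connections from unexpected sources. It assumes the FortiOS default session-sync port of TCP/708 (verify on your build) and a hypothetical key=value flow-log format; the peer list, interface name and log lines are all constructed.

```python
"""Audit flow logs for session-sync traffic from hosts that are not configured peers.

Added example, not FortiOS or Fortinet code. Assumptions: FGSP session sync uses
TCP/708 (FortiOS default; confirm on your build) and flow records are
'key=value' pairs on one line (constructed format).
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

FGSP_PORT = 708  # assumption: default FGSP session-sync port


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int
    iface: str


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one constructed key=value flow record.

    Returns None when any required field is missing or malformed, so a broken
    line is counted rather than silently treated as harmless.
    """
    fields = {}
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
    try:
        return Flow(
            src=ipaddress.IPv4Address(fields["src"]),
            dst=ipaddress.IPv4Address(fields["dst"]),
            proto=fields["proto"].lower(),
            dport=int(fields["dport"]),
            iface=fields["iface"],
        )
    except (KeyError, ValueError):
        return None


def is_sync_traffic(flow: Flow) -> bool:
    """Session-sync traffic is identified by destination port only (assumption)."""
    return flow.proto == "tcp" and flow.dport == FGSP_PORT


def is_authorized_peer(flow: Flow, peers: Set[ipaddress.IPv4Address], sync_iface: str) -> bool:
    """The endpoint restriction CWE-923 describes as missing: sync traffic is
    legitimate only from a configured peer AND on the dedicated sync interface."""
    return flow.src in peers and flow.iface == sync_iface


def audit_flows(lines: Iterable[str], peers: Iterable[str], sync_iface: str) -> Tuple[List[Flow], int]:
    """Return (sync flows from unauthorized sources, count of unparsable lines)."""
    peer_addrs = {ipaddress.IPv4Address(p) for p in peers}
    alerts: List[Flow] = []
    unparsable = 0
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            unparsable += 1
            continue
        if is_sync_traffic(flow) and not is_authorized_peer(flow, peer_addrs, sync_iface):
            alerts.append(flow)
    return alerts, unparsable


# Constructed sample: one legitimate peer on port3, one unknown host, one known
# peer on the wrong interface, unrelated HTTPS traffic, and a malformed line.
PEERS = {"10.10.10.2"}
SYNC_IFACE = "port3"
SAMPLE_LOG = [
    "src=10.10.10.2 dst=10.10.10.1 proto=tcp dport=708 iface=port3",
    "src=192.0.2.77 dst=10.10.10.1 proto=tcp dport=708 iface=port3",
    "src=10.10.10.2 dst=10.10.10.1 proto=tcp dport=708 iface=port1",
    "src=198.51.100.5 dst=10.10.10.1 proto=tcp dport=443 iface=port1",
    "src=bogus dst=10.10.10.1 proto=tcp dport=708",
]

if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_LOG, PEERS, SYNC_IFACE)
    for f in found:
        print(f"ALERT: sync traffic from {f.src} on {f.iface} (not an authorized peer/interface)")
    print(f"{bad} unparsable line(s)")
```

The second alert (a real peer address arriving on a non-sync interface) is the case worth keeping: restricting by source address alone still accepts spoofed packets on any reachable interface, which is why the check binds both the peer and the channel.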


Remediation

Install the fixed FortiOS release from the vendor's website.

External links