Main Vulnerability Database Vulnerabilities #VU119429

#VU119429 Insufficient Session Expiration in FortiOS - CVE-2025-62631

Published: December 9, 2025

Vulnerability identifier: #VU119429

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-62631

CWE-ID: CWE-613

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiOS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to insufficient session expiration in SSLVPN. An attacker can maintain access to network resources via an active session not terminated after a user's password change under particular conditions outside of the attacker's control.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-25-411

#VU119429 Insufficient Session Expiration in FortiOS - CVE-2025-62631

Description

Remediation

External links

Please verify you're human