EUVD-2025-202274

🗓️ 09 Dec 2025 17:18:47Reported by EUVDType

FortiOS session expiration flaw lets attacker keep SSLVPN access after user password change.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-62631	9 Dec 202517:18	–	attackerkb
Circl	CVE-2025-62631	9 Dec 202519:09	–	circl
CNNVD	Fortinet FortiOS 代码问题漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2025-62631	9 Dec 202517:18	–	cve
Cvelist	CVE-2025-62631	9 Dec 202517:18	–	cvelist
Tenable Nessus	Fortinet Fortigate Insufficient Session Expiration in SSLVPN (FG-IR-25-411)	9 Dec 202500:00	–	nessus
NCSC	Vulnerabilities fixed in Fortinet products	28 Jan 202615:46	–	ncsc
NVD	CVE-2025-62631	9 Dec 202518:16	–	nvd
Positive Technologies	PT-2025-50125	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-62631	10 Dec 202518:13	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "51a148c0-b8cc-3313-bfd5-915cd9a81e58",
        "vendor": {
          "name": "Fortinet"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0290084e-0076-3e83-9af2-f98d31d804eb",
        "product": {
          "name": "FortiOS"
        },
        "product_version": "7.0.0 ≤7.0.18"
      },
      {
        "id": "45278884-7fd9-3b42-82e2-0df957847404",
        "product": {
          "name": "FortiOS"
        },
        "product_version": "6.4.0 ≤6.4.16"
      },
      {
        "id": "f61c3c7a-9775-3296-8b2b-911116ed39d2",
        "product": {
          "name": "FortiOS"
        },
        "product_version": "7.4.0"
      },
      {
        "id": "fe07adc8-d69f-389d-9afa-469640931625",
        "product": {
          "name": "FortiOS"
        },
        "product_version": "7.2.0 ≤7.2.11"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.fortinet.com/psirt/FG-IR-25-411
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-62631

09 Dec 2025 20:43Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.6

EPSS0.00014

SSVC