CVE-2025-25250

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL...

CVE-2025-25250

FortiOS contains an Information Disclosure vulnerability (CWE-200) affecting SSL-VPN web-mode that can allow an authenticated user to view full SSL-VPN settings via a crafted URL. Affected versions include FortiOS 7.6.0, 7.4.7 and earlier, and all 7.2/7.0/6.4 releases. CVSSv3.1 base score 4.3 (Ne...

Fortinet FortiOS 信息泄露漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An information...

PT-2025-24717 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4 and earlier FortiOS versions 7.0 and earlier FortiOS versions 7.2 and earlier FortiOS versions 7.4.7 and earlier FortiOS version 7.6.0 Description: The issue allows an authenticated user to access full SSL-VPN settings vi...