Unrated severityNVD Advisory· Published Jun 10, 2025· Updated Jun 10, 2025

CVE-2025-22256

Description

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests

Affected products

Fortinet/FortiSRAv5
cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*
Range: 1.4.0
Fortinet/Fortipamv5
cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
Range: 1.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-008mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000