VYPR
Medium severity4.3NVD Advisory· Published Jun 10, 2025· Updated Jun 9, 2026

CVE-2025-25250

CVE-2025-25250

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:fortinet:fortisase:25.1.75:*:*:*:-:*:*:*
  • Fortinet/Fortios3 versions
    cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*range: >=6.4.0,<7.4.8
    • cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
    • (no CPE)range: 7.6.0, 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.