CNNVD-202510-1976 Information
CNNVD ID
CNNVD-202510-1976
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
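Fortinet FortiOS SSL-VPN is VPN software from the US company Fortinet. Fortinet FortiOS SSL-VPN contains a code issue vulnerability that stems from insufficient session expiration and may allow a remote attacker to reopen a session by reusing a SAML record. The following versions are affected: 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, and all versions of 6.4.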
Description (English)
Fortinet FortiOS SSL-VPN is VPN software from Fortinet. Fortinet FortiOS SSL-VPN has a code issue vulnerability, which stems from insufficient session expiration and may allow remote attackers to reopen sessions by reusing SAML records. The following versions are affected: 7.6.0 to 7.6.2, 7.4.0 to 7.4.6, 7.2.0 to 7.2.10, 7.0.0 to 7.0.16 and all 6.4 versions.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
Fortinet
Published
2025-10-14
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-487
https://access.redhat.com/security/cve/cve-2025-25252
https://vigilance.fr/vulnerability/FortiOS-user-access-via-SSLVPN-Insufficient-Session-Expiration-48452
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-24-487