CVE-2025-22251 Information

Description

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0 7.4.0 through 7.4.5 7.2 all versions 7.0 all versions 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-287