CVE-2025-25250 Information

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0 version 7.4.7 and below 7.2 all versions 7.0 all versions 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-257