Fortinet has revealed a new security flaw in its FortiOS SSL-VPN web-mode that allows authenticated users to access SSL-VPN configuration settings through specially crafted URLs, giving them unauthorized access to sensitive data.
The vulnerability, identified as CVE-2025-25250, was disclosed today and impacts several versions of FortiOS, a widely used network security platform. It stems from a weakness described as “Exposure of Sensitive Information to an Unauthorized Actor,” which is classified under CWE-200 in the Common Weakness Enumeration database.
While the flaw requires user authentication to exploit, it raises serious security concerns. Attackers could gain access to SSL-VPN settings that are typically restricted, putting privacy and security at risk.
The vulnerability affects multiple versions of FortiOS, creating widespread impact for Fortinet users. Older FortiOS versions, such as 6.4, 7.0, and 7.2, require immediate upgrades to fixed releases since no patches are available for these versions.
For more recent versions, FortiOS 7.4.0 to 7.4.7 require upgrades to version 7.4.8 or higher, while FortiOS 7.6.0 users should update to version 7.6.1 or newer.
FortiSASE version 25.1.c is also affected, but Fortinet has addressed the issue in FortiSASE version 25.2.a, so no action is needed for cloud-based security service users.
Despite the severity of the vulnerability, Fortinet has given it a low priority rating, assigning it a CVSSv3 score of 3.9. This score reflects the fact that exploitation requires authentication, limiting the immediate risk. However, security experts warn that any unauthorized access to network configuration data is a serious issue, especially in enterprise environments where SSL-VPN settings could contain critical information about network topology.
Fortinet strongly urges organizations using affected versions to upgrade immediately. They have provided an upgrade tool at docs.fortinet.com/upgrade-tool to help administrators safely follow the recommended upgrade steps.
This vulnerability, catalogued as IR Number FG-IR-24-257, highlights Fortinet’s dedication to transparency in security reporting. Organizations are advised to patch affected systems quickly and reassess their SSL-VPN access controls to ensure proper authentication processes are in place.
Security teams should monitor for unusual SSL-VPN access patterns and consider additional monitoring until all upgrades have been applied.
