CVE-2025-25248

An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-364	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fortinet:fortipam::::::::
	cpe:2.3:o:fortinet:fortipam:1.5.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy::::::::

History

14 Aug 2025, 01:21

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:a:fortinet:fortiproxy:::::::: cpe:2.3:o:fortinet:fortipam:::::::: cpe:2.3:o:fortinet:fortios:::::::: cpe:2.3:o:fortinet:fortipam:1.5.0:::::::*
First Time		Fortinet fortipam Fortinet Fortinet fortios Fortinet fortiproxy
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-364 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-364 - Vendor Advisory

12 Aug 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-12 19:15

Updated : 2025-08-14 01:21

NVD link : CVE-2025-25248

Mitre link : CVE-2025-25248

JSON object : View

Products Affected

fortinet

fortiproxy
fortipam
fortios

CWE

CWE-190

Integer Overflow or Wraparound

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-364", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-364", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An\u00a0Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-190"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-25248", "ASSIGNER": "psirt@fortinet.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2025-08-12T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.4.8", "versionStartIncluding": "7.4.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.2.11", "versionStartIncluding": "6.4.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.0.0"}, {"cpe23Uri": "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.4.4", "versionStartIncluding": "2.0.0"}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-14T01:21Z"}