CVE-2025-22251 LOW

Vendor: Fortinet
Product: FortiOS
Weakness: CWE-923
Published: June 10, 2025
Last update: June 10, 2025

CVSS base score

3.0/10
Attack vector: Adjacent
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

What the vulnerability does

01 Description

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.

Key dates

02 Disclosure timeline

June 10, 2025: CVE published
June 10, 2025: Record updated