CVE-2025-62439 LOW

CVE-2025-62439

Vendor Fortinet
Product FortiOS
Weakness CWE-940
Published February 10, 2026
Last update May 12, 2026

CVSS base score

3.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:X/RC:R

What the vulnerability does

01Description

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.

Key dates

02Disclosure timeline

February 10, 2026 CVE published
May 12, 2026 Record updated