Information Disclosure on SSLVPN endpoint
Low Risk · CVSS 3.9 · FG-IR-24-257 · Jun 10, 2025
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
An information disclosure vulnerability exists in the FortiOS SSL VPN web-mode that allows authenticated users to view sensitive data and configuration information they should not have access to. The vulnerability affects FortiOS versions 6.4 through 7.6.0 and FortiSASE versions prior to 25.1.d.
What this means
What could happen
An authenticated user accessing FortiOS SSL VPN could read sensitive information that should not be visible to them, such as configuration details or other user data. This does not directly disrupt operations but could aid attackers in planning further attacks.
Who's at risk
Network administrators and security teams using Fortinet FortiOS devices as SSL VPN endpoints. This affects any organization using FortiGate firewalls in versions 6.4 through 7.6.0 for remote access VPN services, particularly those with field technicians, remote offices, or third-party vendor access.
How it could be exploited
An attacker with valid VPN credentials connects to the SSL VPN web interface and exploits the information disclosure flaw to view sensitive data that their account permissions should not grant access to. The vulnerability does not require special network positioning or complex attack steps.
Prerequisites
- Valid SSL VPN user credentials
- Network access to the FortiOS SSL VPN endpoint on the VPN port
- Remotely exploitable
- Requires valid credentials (low authentication barrier for insider threats)
- Low attack complexity
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (6)
6 with fix
Product     Affected Versions    Fix Status
FortiOS     7.6.0                7.6.1+
FortiOS     7.4.0 - 7.4.7        7.4.8+
FortiOS     7.2 all versions     Migrate to fixed release
FortiOS     7.0 all versions     Migrate to fixed release
FortiOS     6.4 all versions     Migrate to fixed release
FortiSASE   25.1.c               Migrate to fixed release
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
FortiOS
HOTFIX: Update FortiOS 7.6.0 to version 7.6.1 or later
HOTFIX: Update FortiOS 7.4 to version 7.4.8 or later
HOTFIX: Migrate FortiOS 7.2, 7.0, and 6.4 to supported fixed releases (7.6.1+, 7.4.8+, or FortiSASE 25.1.d+)
Long-term hardening
HARDENING: Restrict SSL VPN access to authorized users only and review VPN user accounts for unnecessary privileges
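Added example, not from the advisory or from Fortinet: a Python triage routine that applies the affected-version table above to a device inventory, and reports branches the advisory does not list as "verify separately" rather than as safe. The hostnames and versions in the sample inventory are constructed.

```python
# Added example (not Fortinet's code): classify device versions against the
# affected-version table in this advisory (FG-IR-24-257).
import re
from typing import Dict, List, Optional, Tuple

# Advisory table transcribed: branch -> (last affected patch, action).
# A None patch bound means every release in that branch is affected.
FORTIOS_BRANCHES: Dict[Tuple[int, int], Tuple[Optional[int], str]] = {
    (7, 6): (0, "upgrade to 7.6.1 or later"),
    (7, 4): (7, "upgrade to 7.4.8 or later"),
    (7, 2): (None, "migrate to a fixed release (7.6.1+ or 7.4.8+)"),
    (7, 0): (None, "migrate to a fixed release (7.6.1+ or 7.4.8+)"),
    (6, 4): (None, "migrate to a fixed release (7.6.1+ or 7.4.8+)"),
}
FORTISASE_FIXED = (25, 1, "d")  # first fixed FortiSASE release per the advisory

def fortios_status(version: str) -> Tuple[bool, str]:
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    entry = FORTIOS_BRANCHES.get((major, minor))
    if entry is None:
        # Unlisted branches (e.g. 8.x or 6.2) are not assumed safe: the
        # advisory table is the only ground truth this check has.
        return False, "branch not listed in FG-IR-24-257; verify separately"
    last_affected, action = entry
    if last_affected is None or patch <= last_affected:
        return True, action
    return False, "fixed release"

def fortisase_status(version: str) -> Tuple[bool, str]:
    m = re.fullmatch(r"(\d+)\.(\d+)\.([a-z])", version.strip())
    if not m:
        raise ValueError(f"unrecognised FortiSASE version: {version!r}")
    key = (int(m.group(1)), int(m.group(2)), m.group(3))
    if key < FORTISASE_FIXED:
        return True, "upgrade to FortiSASE 25.1.d or later"
    return False, "fixed release"

def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, bool, str]]:
    """Rows are (hostname, product, version); product is FortiOS or FortiSASE."""
    checks = {"FortiOS": fortios_status, "FortiSASE": fortisase_status}
    return [(host, *checks[product](ver)) for host, product, ver in inventory]

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [("fw-plant-edge", "FortiOS", "7.4.7"), ("fw-dc-core", "FortiOS", "7.6.1"),
          ("fw-remote-site", "FortiOS", "7.2.9"), ("sase-tenant", "FortiSASE", "25.1.c")]

for host, affected, action in triage(SAMPLE):
    print(f"{host:16} {'AFFECTED' if affected else 'ok':9} {action}")
```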
CVEs (1)