FortiOS SSL-VPN Vulnerability Let Attackers Access full SSL-VPN settings

Fortinet has disclosed a new security vulnerability affecting its FortiOS SSL-VPN web-mode that allows authenticated users to gain unauthorized access to complete SSL-VPN configuration settings through specially crafted URLs.

The vulnerability, designated as CVE-2025-25250, was published today and affects multiple versions of the popular network security platform.

The vulnerability stems from an “Exposure of Sensitive Information to an Unauthorized Actor” weakness, classified under CWE-200 in the Common Weakness Enumeration database.

While the security flaw requires user authentication to exploit, it presents significant privacy and security concerns as it enables attackers to view comprehensive SSL-VPN settings that should remain restricted.

The vulnerability affects an extensive range of FortiOS versions, creating a substantial impact across Fortinet’s user base. FortiOS versions 6.4, 7.0, and 7.2 in their entirety require migration to fixed releases, as no patches are available for these older versions.

More recent versions show varied exposure levels: FortiOS 7.4.0 through 7.4.7 require immediate upgrades to version 7.4.8 or higher, while FortiOS 7.6.0 users should upgrade to version 7.6.1 or above.

Additionally, FortiSASE version 25.1.c was affected by this vulnerability, though Fortinet has already addressed the issue in FortiSASE version 25.2.a, requiring no action from customers using the cloud-based security service.

Despite the potential for information disclosure, Fortinet has assigned the vulnerability a low severity rating with a CVSSv3 score of 3.9. This relatively low score reflects the requirement for authentication before exploitation can occur, limiting the vulnerability’s immediate threat level.

However, security experts emphasize that any unauthorized access to network configuration data represents a serious security concern, particularly in enterprise environments where SSL-VPN settings may contain sensitive network topology information.

Fortinet strongly recommends that organizations running affected versions implement the prescribed upgrades immediately. The company has provided a comprehensive upgrade tool at docs.fortinet.com/upgrade-tool to assist administrators in following the recommended upgrade path safely.

The vulnerability disclosure, catalogued as IR Number FG-IR-24-257, demonstrates Fortinet’s commitment to transparent security reporting. Organizations should prioritize patching efforts and review their SSL-VPN access controls to ensure proper authentication mechanisms remain in place during the transition period.

Security teams should monitor for any unusual SSL-VPN access patterns and consider implementing additional monitoring measures until upgrades are completed across all affected systems.

Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access