CVE-2025-22251

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-287	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios:7.6.0:::::::*

History

25 Jul 2025, 15:26

Type	Values Removed	Values Added
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-287 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-287 - Vendor Advisory
First Time		Fortinet fortios Fortinet
CPE		cpe:2.3:o:fortinet:fortios:7.6.0:::::::* cpe:2.3:o:fortinet:fortios::::::::

12 Jun 2025, 16:06

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 17:21

Updated : 2025-07-25 15:26

NVD link : CVE-2025-22251

Mitre link : CVE-2025-22251

CVE.ORG link : CVE-2025-22251

JSON object : View

Products Affected

fortinet

fortios

CWE

CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

{"id": "CVE-2025-22251", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-06-10T17:21:08.117", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-287", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-923"}]}], "descriptions": [{"lang": "en", "value": "An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets."}, {"lang": "es", "value": "Una vulnerabilidad de restricci\u00f3n incorrecta del canal de comunicaci\u00f3n a los endpoints previstos [CWE-923] en FortiOS 7.6.0, 7.4.0 a 7.4.5, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante no autenticado inyecte sesiones no autorizadas a trav\u00e9s de paquetes de sincronizaci\u00f3n de sesi\u00f3n FGSP manipulados."}], "lastModified": "2025-07-25T15:26:10.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5249B7DB-E2BC-4EBD-9366-B25D1E24A012", "versionEndExcluding": "7.4.6", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44CE8EE3-D64A-49C8-87D7-C18B302F864A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}