CVE-2025-25248

EUVD-2025-24459

12.08.2025, 19:15

An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
fortinet	CNA	4.8 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortios	6.4.0 ≤ 𝑥 < 7.2.11
fortinet	fortios	7.4.0 ≤ 𝑥 < 7.4.8
fortinet	fortios	7.6.0 ≤ 𝑥 < 7.6.3
fortinet	fortipam	1.0.0 ≤ 𝑥 < 1.4.3
fortinet	fortipam	1.5.0
fortinet	fortiproxy	2.0.0 ≤ 𝑥 < 7.4.4
fortinet	fortiproxy	7.6.0 ≤ 𝑥 < 7.6.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-364