CVE-2025-22251

low

Description

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-287

Details

Source: Mitre, NVD

Published: 2025-06-10

Updated: 2025-06-12

Risk Information

CVSS v2

Base Score: 1.8

Vector: CVSS2#AV:A/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.1

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Low

EPSS

EPSS: 0.00014

Detections

Analytics