CVE-2025-22256 — Improper Handling of Insufficient Permissions or Privileges in Fortinet Fortipam

CWE-280 — Improper Handling of Insufficient Permissions or Privileges4 documents4 sources

Severity

8.8HIGHNVD

CNA6.3

EPSS

0.1%

top 70.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortipam Fortinet Fortisra

Timeline

PublishedJun 10

Description

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDfortinet/fortipam1.0.0 — 1.0.4+4

▶NVDfortinet/fortisra1.4.0 — 1.4.2

▶CVEListV5fortinet/fortipam1.4.0 — 1.4.1+4

▶CVEListV5fortinet/fortisra1.4.0 — 1.4.1

🔴Vulnerability Details

CVEList

CVE-2025-22256: A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1↗2025-06-10

▶

GHSA

GHSA-5xp9-26pv-gh7v: A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1↗2025-06-10

▶

📋Vendor Advisories

Fortinet

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1...↗2025-06-10

▶