CVE-2025-25248

CWE-190: Integer Overflow
4 documents, 4 sources

Severity: 6.5 MEDIUM
EPSS: 0.0% (top 85.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12

Description

An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the devic

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages (6 packages)

NVD | fortinet/fortios | 6.4.0 | 7.2.11 | +2
NVD | fortinet/fortipam | 1.0.0 | 1.4.3 | +1
NVD | fortinet/fortiproxy | 2.0.0 | 7.4.4 | +1
CVEListV5 | fortinet/fortios | 7.6.0 | 7.6.2 | +4
CVEListV5 | fortinet/fortipam | 1.4.0 | 1.4.2 | +5

🔴 Vulnerability Details (2)

GHSA | GHSA-f257-v2jp-hg34: An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7 | 2025-08-12
CVEList | CVE-2025-25248: An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7 | 2025-08-12

📋 Vendor Advisories (1)

Fortinet | Integer Overflow on SSL-VPN bookmarks | 2025-08-12