CVE-2025-62439

CWE-940 | 6 documents | 6 sources
Severity
4.2 MEDIUM
EPSS
0.0%
top 94.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Feb 10

Description

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, and FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploitability: 1.1 | Impact: 2.7

Affected Packages: 1 package

CVEListV5 | fortinet/fortios | 7.6.0 through 7.6.4 | +3

🔴 Vulnerability Details

2
CVEList
CVE-2025-62439: An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7 | 2026-02-10
GHSA
GHSA-76xc-486m-c526: An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7 | 2026-02-10

📋 Vendor Advisories

1
Fortinet
Firewall policy bypass in FSSO Terminal Services Agent | 2026-02-10

🕵️ Threat Intelligence

1
Wiz
CVE-2025-62439 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-62439 (MEDIUM CVSS 4.2) | An Improper Verification of Source | cvebase.io