Fortinet FortiOS SSL-VPN Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing exposure of sensitive information to an unauthorized actor has been identified in Fortinet FortiOS versions 7.6.0, 7.4.7 and below, 7.2 (all versions), 7.0 (all versions), and 6.4 (all versions) within the SSL-VPN web mode. This vulnerability may enable an authenticated user to access complete SSL-VPN settings by using a crafted URL.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive SSL-VPN configuration details.

Added: Jun 10, 2025, 6:30 PM
Updated: Jun 10, 2025, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.