Fortinet has disclosed a newly discovered vulnerability, CVE-2025-25250, affecting its FortiOS SSL-VPN web-mode feature. The flaw allows authenticated users to access the full configuration settings of the SSL-VPN via specially crafted URLs, leading to potential unauthorized exposure of sensitive information. Classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), the vulnerability undermines internal privacy controls, especially for enterprise environments where VPN settings may include details about network architecture and security postures. Although exploitation requires authentication, making it less accessible to external attackers, the information disclosure risk remains significant.

This vulnerability affects a broad range of FortiOS versions. All releases within FortiOS 6.4, 7.0, and 7.2 have no direct patches and require users to migrate to fixed releases. For newer builds, FortiOS 7.4.0 through 7.4.7 must be updated to version 7.4.8 or later, and FortiOS 7.6.0 should be upgraded to version 7.6.1 or above. In addition, the FortiSASE cloud-based version 25.1.c was also affected, though Fortinet has already addressed the issue in FortiSASE 25.2.a, eliminating the need for user-side actions for that platform. Fortinet has released a helpful upgrade tool at docs.fortinet.com/upgrade-tool to guide users through the patching process safely.

Despite the exposure potential, the vulnerability has been assigned a relatively low severity rating (CVSSv3 score of medium). This is due to the requirement for prior authentication, which limits the ability of remote unauthenticated attackers to exploit the flaw directly. However, cybersecurity experts caution that any vulnerability exposing network configuration data, regardless of access requirements, should be treated with high priority in enterprise and high-security environments, given the potential for internal misuse or credential compromise. The issue is tracked under Fortinet Incident Report FG-IR-24-257, showcasing the company’s adherence to transparent security disclosure.

Organizations using affected FortiOS versions are strongly advised to immediately apply the recommended upgrades and review SSL-VPN access policies and logs. Security teams should remain vigilant by monitoring for abnormal VPN access patterns and consider temporary enhanced logging or restrictions until full patching is complete. This incident underscores the importance of layered access control and patch management practices, even for authenticated-only vulnerabilities, to prevent configuration leaks that could lead to broader attacks.