← back
CVE-2025-22256

CVE-2025-22256

CVSS 6 MEDIUMEPSS 0.3%CWE-280
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6EPSS 0.3%KEV nãoPoC Patch
Lifecycle
10 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
Affected products
Fortinet · FortiPAMFortinet · FortiSRA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-008