IronMonkey Threat Research

CVE-2025-62439 MEDIUM

Published: 2026-02-10 | Last Modified: 2026-05-12 | Status: Deferred

Description

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, and FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.

Additional Descriptions (1)

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, and FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via manipulated requests.

CVSS Metrics

Base Score: 4.2 (MEDIUM)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Source: [email protected]

Type: Secondary

Exploitability Score: 1.1

Impact Score: 2.7

Weaknesses

Source: [email protected]
Type: Secondary
Description: CWE-940 (en)