CVE-2025-62631_CVE-2025-62631

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C

Description

An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control

Basic Information

ID CVE-2025-62631

Source fortinet

Published Dec 9, 2025 at 17:18

Affected Product

Vendor Fortinet

Product FortiOS

Version 7.4.0

Affected Versions Fortinet FortiOS 7.4.0
Fortinet FortiOS 7.2.0
Fortinet FortiOS 7.0.0
Fortinet FortiOS 6.4.0

CWE Classification

CWE-613

References

fortiguard.fortinet.com /psirt/FG-IR-25-411

{
    "lastseen": "",
    "description": "An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control",
    "published": "2025-12-09T17:18:47.955Z",
    "modified": "2025-12-09T17:18:47.955Z",
    "type": "cve",
    "title": "CVE-2025-62631",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-411",
    "id": "CVE-2025-62631",
    "bulletinFamily": "",
    "cwe": [
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiOS 7.4.0\nFortinet FortiOS 7.2.0\nFortinet FortiOS 7.0.0\nFortinet FortiOS 6.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiOS",
    "version": "7.4.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}