SecuriTricks - CVE-2025-62439

Description

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.

Product(s) Impacted

Vendor	Product	Versions
Fortinet	Fortios	7.6.0-7.6.4, 7.4.0-7.4.9, 7.2, 7.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-940

Improper Verification of Source of a Communication Channel

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	fortinet	fortios	7.6.0-7.6.4	/	/	/	/	/	/	/
a	fortinet	fortios	7.4.0-7.4.9	/	/	/	/	/	/	/
a	fortinet	fortios	7.2	/	/	/	/	/	/	/
a	fortinet	fortios	7.0	/	/	/	/	/	/	/

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-384

CVSS Score

4.2 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

View Vector String

Timeline

Published: Feb. 10, 2026, 4:16 p.m.
Last Modified: Feb. 10, 2026, 9:52 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2025-62439