Vulnerability Details CVE-2025-62631
An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 5.6
Products affected by CVE-2025-62631
-
cpe:2.3:o:fortinet:fortios:6.4.0
-
cpe:2.3:o:fortinet:fortios:6.4.1
-
cpe:2.3:o:fortinet:fortios:6.4.10
-
cpe:2.3:o:fortinet:fortios:6.4.11
-
cpe:2.3:o:fortinet:fortios:6.4.12
-
cpe:2.3:o:fortinet:fortios:6.4.13
-
cpe:2.3:o:fortinet:fortios:6.4.14
-
cpe:2.3:o:fortinet:fortios:6.4.15
-
cpe:2.3:o:fortinet:fortios:6.4.16
-
cpe:2.3:o:fortinet:fortios:6.4.2
-
cpe:2.3:o:fortinet:fortios:6.4.3
-
cpe:2.3:o:fortinet:fortios:6.4.4
-
cpe:2.3:o:fortinet:fortios:6.4.5
-
cpe:2.3:o:fortinet:fortios:6.4.6
-
cpe:2.3:o:fortinet:fortios:6.4.7
-
cpe:2.3:o:fortinet:fortios:6.4.8
-
cpe:2.3:o:fortinet:fortios:6.4.9
-
cpe:2.3:o:fortinet:fortios:7.0.0
-
cpe:2.3:o:fortinet:fortios:7.0.1
-
cpe:2.3:o:fortinet:fortios:7.0.10
-
cpe:2.3:o:fortinet:fortios:7.0.11
-
cpe:2.3:o:fortinet:fortios:7.0.12
-
cpe:2.3:o:fortinet:fortios:7.0.13
-
cpe:2.3:o:fortinet:fortios:7.0.14
-
cpe:2.3:o:fortinet:fortios:7.0.15
-
cpe:2.3:o:fortinet:fortios:7.0.16
-
cpe:2.3:o:fortinet:fortios:7.0.17
-
cpe:2.3:o:fortinet:fortios:7.0.2
-
cpe:2.3:o:fortinet:fortios:7.0.3
-
cpe:2.3:o:fortinet:fortios:7.0.4
-
cpe:2.3:o:fortinet:fortios:7.0.5
-
cpe:2.3:o:fortinet:fortios:7.0.6
-
cpe:2.3:o:fortinet:fortios:7.0.7
-
cpe:2.3:o:fortinet:fortios:7.0.8
-
cpe:2.3:o:fortinet:fortios:7.0.9
-
cpe:2.3:o:fortinet:fortios:7.2.0
-
cpe:2.3:o:fortinet:fortios:7.2.1
-
cpe:2.3:o:fortinet:fortios:7.2.10
-
cpe:2.3:o:fortinet:fortios:7.2.11
-
cpe:2.3:o:fortinet:fortios:7.2.12
-
cpe:2.3:o:fortinet:fortios:7.2.2
-
cpe:2.3:o:fortinet:fortios:7.2.3
-
cpe:2.3:o:fortinet:fortios:7.2.4
-
cpe:2.3:o:fortinet:fortios:7.2.5
-
cpe:2.3:o:fortinet:fortios:7.2.6
-
cpe:2.3:o:fortinet:fortios:7.2.7
-
cpe:2.3:o:fortinet:fortios:7.2.8
-
cpe:2.3:o:fortinet:fortios:7.2.9
-
cpe:2.3:o:fortinet:fortios:7.4.0