CVE-2025-62631

placeholder

{"cve": {"id": "CVE-2025-62631", "sourceIdentifier": "[email protected]", "published": "2025-12-09T18:16:03.850", "lastModified": "2026-01-14T10:16:08.050", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An insufficient session expiration vulnerability [CWE-613] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.0", "versionEndExcluding": "7.4.1", "matchCriteriaId": "302596F5-7F5F-4E20-8A85-6183A9FCB5BB"}]}]}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-411", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}