CVE-2025-22256

High

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2,…

fortinet·CWE-280·Published 2025-06-10

CVSS

8.8

EPSS

0.00

KEV

Exploits

cve.orgen

267 chars

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests

NVDen

267 chars

NVDes

273 chars

Un manejo inadecuado de permisos o privilegios insuficientes en Fortinet FortiPAM 1.4.0 a 1.4.1, 1.3.0, 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, FortiSRA 1.4.0 a 1.4.1 permite a los atacantes un control de acceso indebido a través de solicitudes HTTP especialmente manipuladas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C