{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T18:44:45.213","vulnerabilities":[{"cve":{"id":"CVE-2025-62439","sourceIdentifier":"psirt@fortinet.com","published":"2026-02-10T16:16:09.080","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests."},{"lang":"es","value":"Una vulnerabilidad de Verificación Inadecuada del Origen de un Canal de Comunicación [CWE-940] vulnerabilidad en Fortinet FortiOS 7.6.0 hasta 7.6.4, FortiOS 7.4.0 hasta 7.4.9, FortiOS 7.2 todas las versiones, FortiOS 7.0 todas las versiones puede permitir a un usuario autenticado con conocimiento de las configuraciones de políticas FSSO obtener acceso no autorizado a recursos de red protegidos a través de solicitudes manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Primary","description":[{"lang":"en","value":"CWE-940"}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-384","source":"psirt@fortinet.com"}]}}]}