FortiOS 7.0-7.6.4: Improper Source Verification in FSSO Channel
CVE-2025-62439 Published on February 10, 2026
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.
Vulnerability Analysis
CVE-2025-62439 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Verification of Source of a Communication Channel
The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.
Products Associated with CVE-2025-62439
Want to know whenever a new CVE is published for Fortinet FortiOS? stack.watch will email you.
Affected Versions
Fortinet FortiOS:- Version 7.6.0, <= 7.6.4 is affected.
- Version 7.4.0, <= 7.4.9 is affected.
- Version 7.2.0, <= 7.2.13 is affected.
- Version 7.0.0, <= 7.0.19 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.