Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-62439
3.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 1 week ago
  • @LeSuisse removed
    4 packages
    • terraform-providers.fortios
    • python312Packages.fortiosapi
    • python313Packages.fortiosapi
    • python314Packages.fortiosapi
    1 month, 1 week ago
  • @LeSuisse dismissed 1 month, 1 week ago
An Improper Verification of Source of a Communication Channel vulnerability …

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.

References

Affected products

FortiOS
  • =<7.6.4
  • =<7.0.19
  • =<7.2.13
  • =<7.4.9 
Not present in nixpkgs