Skip to content
A recently disclosed vulnerability affecting Fortinet SSL-VPN services has prompted organisations to review their exposure and ensure remediation measures have been applied.
Tracked as CVE-2025-25250 and informally referred to as FortiBleed, the vulnerability affects a range of FortiOS versions and could allow an authenticated user to access sensitive SSL-VPN configuration information.
Why it matters
VPN and firewall infrastructure remain attractive targets for cybercriminals due to their role in securing remote access and protecting business-critical systems.
Following the disclosure, organisations have been urged to review affected devices, apply available updates, and monitor for unusual activity. The UK’s National Cyber Security Centre (NCSC) has also published guidance following reports of global targeting activity affecting Fortinet infrastructure.
Recommended actions
- Review affected FortiOS versions.
- Apply available security updates.
- Review administrative access controls.
- Ensure multi-factor authentication is enabled.
- Monitor logs and network activity for signs of suspicious behaviour.
- Conduct vulnerability assessments where appropriate.
Download the advisory
Earlier this week, we shared guidance with customers outlining the vulnerability, affected versions, and recommended mitigation steps.
Download the full FortiBleed Advisory Notice for detailed technical information and remediation guidance.
If you are unsure whether your environment is affected, contact the Zenzero Security Team for support.
