Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-62631

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 2 months, 1 week ago

An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, …

An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-411

Affected products

FortiOS

=<7.2.11
==7.4.0
=<7.0.18
=<7.0.19
=<6.4.16

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.24.0
- nixos-unstable-small 1.24.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python314Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable -
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>