What is the CVSS score of CVE-2022-42475?

CVE-2022-42475 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 94.0%.

Which versions of FortiOS SSL-VPN are affected by CVE-2022-42475?

Organizations using FortiOS SSL-VPN 7.2.0 face critical risk from CVE-2022-42475 rated CVSS 9.8.

Is there a public PoC exploit available for CVE-2022-42475?

Yes, a public proof-of-concept exploit is available for CVE-2022-42475. Prioritise patching immediately. EPSS: 94.0%.

How to fix or mitigate CVE-2022-42475?

Within 24 hours: Identify all affected systems running FortiOS SSL-VPN 7.2.0 and apply vendor patches immediately. Monitor vendor channels for patch availability.

FortiOS SSL-VPN CVE-2022-42475

CRITICAL

Numeric Truncation Error (CWE-197)

2023-01-02 psirt@fortinet.com

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:19 vuln.today

Added to CISA KEV

Oct 24, 2025 - 12:54 cisa

CISA KEV

PoC Detected

Oct 24, 2025 - 12:54 vuln.today

Public exploit code

CVE Published

Jan 02, 2023 - 09:15 nvd

CRITICAL 9.8

DescriptionNVD

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

AnalysisAI

FortiOS SSL-VPN contains a heap-based buffer overflow allowing unauthenticated remote code execution, exploited as a zero-day from October 2022 by suspected Chinese state-sponsored actors targeting government networks.

Technical ContextAI

The CWE-122 heap overflow in the SSL-VPN's request processing allows crafted requests to overflow a heap buffer, enabling arbitrary code execution with root privileges on the FortiGate appliance. The exploit targets the SSL-VPN web portal component accessible to any remote user.

Affected ProductsAI

FortiOS SSL-VPN 7.2.0 through 7.2.2 FortiOS SSL-VPN 7.0.0 through 7.0.8 FortiOS SSL-VPN 6.4.0 through 6.4.10 FortiOS SSL-VPN 6.2.0 through 6.2.11 FortiProxy SSL-VPN 7.2.0 through 7.2.1

RemediationAI

Upgrade FortiOS immediately. Check for indicators of UNC3886/BOLDMOVE compromise. Review firewall logs for anomalies. Verify firmware integrity. Rotate all credentials accessible from the FortiGate.

CVE-2022-42475 vulnerability details – vuln.today

Back

FortiOS SSL-VPN CVE-2022-42475

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code