CVE-2025-25255_CVE-2025-25255

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

Basic Information

ID CVE-2025-25255

Source fortinet

Published Oct 14, 2025 at 15:23

Modified Oct 15, 2025 at 13:14

Affected Product

Vendor Fortinet

Product FortiOS

Version 7.6.0

Affected Versions Fortinet FortiOS 7.6.0
Fortinet FortiProxy 7.6.0
Fortinet FortiProxy 7.4.0
Fortinet FortiProxy 7.2.0
Fortinet FortiProxy 7.0.1

CWE Classification

CWE-358

References

fortiguard.fortinet.com /psirt/FG-IR-24-372

{
    "lastseen": "",
    "description": "An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.",
    "published": "2025-10-14T15:23:09.821Z",
    "modified": "2025-10-15T13:14:42.343Z",
    "type": "cve",
    "title": "CVE-2025-25255",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-24-372",
    "id": "CVE-2025-25255",
    "bulletinFamily": "",
    "cwe": [
        "CWE-358"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiOS 7.6.0\nFortinet FortiProxy 7.6.0\nFortinet FortiProxy 7.4.0\nFortinet FortiProxy 7.2.0\nFortinet FortiProxy 7.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiOS",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}