VDB
CISA-2025-47890
CISA-2025-47890
PUBLISHED
CVSS 2.5 LOW
Reported by fortinet · Published October 14, 2025
An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.
Risk Scores
CVSS 3.1
2.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiSASE | 25.2.a |
| Fortinet | FortiProxy | 7.6.0, 7.4.0, 7.2.0 |
| Fortinet | FortiOS | 7.6.0, 7.4.0, 7.2.0 |
| Fortinet | FortiOS | 7.6.0, 7.4.0, 7.2.0 |
| Fortinet | FortiProxy | 7.0.0, 7.2.0, 7.0.0 |
| Fortinet | FortiSASE | 25.2.a, 25.2.a |
Timeline
- Oct 14, 2025 CVE Published
- Jan 15, 2026 CVE Updated