VDB

CISA-2025-47890

CISA-2025-47890 PUBLISHED CVSS 2.5 LOW

Reported by fortinet · Published October 14, 2025

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

Risk Scores

CVSS 3.1
2.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

Affected Products

VendorProductVersions
FortinetFortiSASE25.2.a
FortinetFortiProxy7.6.0, 7.4.0, 7.2.0
FortinetFortiOS7.6.0, 7.4.0, 7.2.0
FortinetFortiOS7.6.0, 7.4.0, 7.2.0
FortinetFortiProxy7.0.0, 7.2.0, 7.0.0
FortinetFortiSASE25.2.a, 25.2.a

Timeline

  • Oct 14, 2025 CVE Published
  • Jan 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›