CVE-2025-67685 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-67685 PUBLISHED CVSS 3.4000000953674316 LOW

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

EPSS 0.03% · 8.0th percentile

Risk Scores

CVSS v3.1

3.4000000953674316

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

EPSS Score

0.03%

8.0th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiSandbox	5.0.0, 4.4.0, 4.2.1
fortinet	fortisandbox	4.0.0

Timeline

Dec 10, 2025 CVE ID Reserved
Jan 13, 2026 CVE Published
Jan 13, 2026 PoC Published
Jan 14, 2026 EPSS Score
Jan 14, 2026 CVE Updated
Jan 15, 2026 PoC Published
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-783 url
https://nvd.nist.gov/vuln/detail/CVE-2025-67685 advisory
https://www.fortiguard.com/psirt/FG-IR-25-783 advisory
https://www.fortiguard.com/psirt/FG-IR-25-778 advisory
https://www.fortiguard.com/psirt/FG-IR-25-084 advisory
https://www.fortiguard.com/psirt/FG-IR-25-260 advisory
https://www.fortiguard.com/psirt/FG-IR-25-735 advisory
https://www.fortiguard.com/psirt/FG-IR-25-772 advisory

Open in Interactive Console →