CVE-2025-67685
PUBLISHED
CVSS 3.4 LOW
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests, limited to plaintext endpoints only, via crafted HTTP requests.
EPSS 0.04% · 11.6th percentile
Risk Scores
- CVSS 3.1: 3.4 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C)
- EPSS Score: 0.04% (11.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiSandbox | 4.0.0, 4.4.0, 4.2.1 |
| fortinet | fortisandbox | 4.0.0, 4.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-67685 (circl-sighting)
- https://fortiguard.fortinet.com/psirt/FG-IR-25-783 (circl)
Timeline
- Jan 13, 2026 CVE Published
- Jan 13, 2026 PoC Published
- Jan 14, 2026 EPSS Score
- Jan 14, 2026 CVE Updated
- Jan 15, 2026 PoC Published
- Jan 17, 2026 EPSS Score
- Jan 20, 2026 EPSS Score
- Jan 23, 2026 EPSS Score
- Jan 26, 2026 EPSS Score
- Jan 28, 2026 PoC Published
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
References
- https://fortiguard.fortinet.com/psirt/FG-IR-25-783 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-67685 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-783 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-778 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-084 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-260 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-735 advisory
- https://www.fortiguard.com/psirt/FG-IR-25-772 advisory