216.73.217.22

CVE-2025-25253

· Published 14/10/2025 16:15 · Modified 14/10/2025 19:36

Labels: CVE-2025-25253 2025-10-14CVE-2025-25253CWE-297[email protected]

Essential information

Published
14/10/2025 16:15
Modified
14/10/2025 19:36
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.2:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.0:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:a:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:a:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:a:fortinet:fortios:7.2:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:a:fortinet:fortios:7.0:*:*:*:*:*:*:*

References