CVE-2025-25255
Essential information
- Published
- 14/10/2025 16:15
- Modified
- 14/10/2025 19:36
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.
NVD status
- Status
- Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:7.6.0-7.6.3:*:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:7.4:*:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:7.2:*:*:*:*:*:*:* |
| fortinet / fortiproxy | cpe:2.3:a:fortinet:fortiproxy:7.0.1-7.0.21:*:*:*:*:*:*:* |
| fortinet / fortios | cpe:2.3:a:fortinet:fortios:7.6.0-7.6.3:*:*:*:*:*:*:* |