216.73.217.172

CVE-2025-25255

· Published 14/10/2025 16:15 · Modified 14/10/2025 19:36

Labels: CVE-2025-25255 2025-10-14CVE-2025-25255CWE-358[email protected]

Essential information

Published
14/10/2025 16:15
Modified
14/10/2025 19:36
Author
Creator
CISA KEV
No
CWE

Description

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.6.0-7.6.3:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.4:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.2:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:7.0.1-7.0.21:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:a:fortinet:fortios:7.6.0-7.6.3:*:*:*:*:*:*:*

References