CVE-2025-25253

Summary

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.6.0 <= 7.6.1affected
FortinetFortiProxy7.4.0 <= 7.4.8affected
FortinetFortiProxy7.2.0 <= 7.2.15affected
FortinetFortiProxy7.0.0 <= 7.0.22affected
FortinetFortiOS7.6.0 <= 7.6.2affected
FortinetFortiOS7.4.0 <= 7.4.8affected
FortinetFortiOS7.2.0 <= 7.2.12affected
FortinetFortiOS7.0.0 <= 7.0.18affected
FortinetFortiPAM1.4.1affected

Weaknesses

  • CWE-297: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

References