CVE-2025-47890

Summary

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSASE25.2.aaffected
FortinetFortiProxy7.6.0 <= 7.6.3affected
FortinetFortiProxy7.4.0 <= 7.4.12affected
FortinetFortiProxy7.2.0 <= 7.2.15affected
FortinetFortiProxy7.0.0 <= 7.0.22affected
FortinetFortiOS7.6.0 <= 7.6.2affected
FortinetFortiOS7.4.0 <= 7.4.8affected
FortinetFortiOS7.2.0 <= 7.2.12affected
FortinetFortiOS7.0.0 <= 7.0.18affected
FortinetFortiOS6.4.0 <= 6.4.16affected

Weaknesses

  • CWE-601: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References