How severe is CVE-2025-25255?

CVE-2025-25255 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-25255

Name: fortios
Author: fortinet

5.3MEDIUM

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, Fo

Veröffentlicht: 10/14/2025Aktualisiert: 1/14/2026

Beschreibung

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

KI-AnalyseKI-gestützt

Betroffene Produkte

fortinetfortiproxy

fortinetfortios

Referenzen

https://fortiguard.fortinet.com/psirt/FG-IR-24-372
Vendor Advisory