How severe is CVE-2025-25255?

CVE-2025-25255 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-25255

Name: fortios
Author: fortinet

5.3MEDIUM

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, Fo

Published: 10/14/2025Updated: 1/14/2026

Description

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

AI AnalysisPowered by AI

Affected Products

fortinetfortiproxy

fortinetfortios

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-372
Vendor Advisory