How severe is CVE-2025-25255?

CVE-2025-25255 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-25255

Name: fortios
Author: fortinet

5.3MEDIUM

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, Fo

Publicado: 10/14/2025Atualizado: 1/14/2026

Descrição

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

Análise IADesenvolvido por IA

Produtos Afetados

fortinetfortiproxy

fortinetfortios

Referências

https://fortiguard.fortinet.com/psirt/FG-IR-24-372
Vendor Advisory