CVE Catalog

CVE-2025-47890

LowCVSS 2.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

1th percentile — higher than 1% of all known CVEs

Summary

Fortinet FortiOS and FortiProxy have a URL Redirection to Untrusted Site vulnerability that may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

Risk Assessment

An attacker could exploit this vulnerability to mislead users into visiting malicious sites, potentially leading to data theft or system compromise.

Recommendation

It is recommended to update to the latest version of FortiOS and FortiProxy to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS