CVE-2025-25253

Published: Oct 14, 2025Modified: Oct 15, 2025

7.5

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: psirt@fortinet.com (Secondary)

Description

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

Affected (4)

Products: Fortinet: Fortiproxy, Fortios

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiproxy	From 7.0.0 to 7.4.9
Fortinet Fortiproxy	From 7.6.0 to 7.6.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 7.0.0 to 7.4.9
Fortinet Fortios	From 7.6.0 to 7.6.3

Related CWEs

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-457

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.