CVE-2025-47890
MEDIUM WAF: Medium
CVSS 6.1
Published: 2025-10-14
CWE-601
An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortios | 6.4.0 - 7.4.9 |
| fortinet | fortios | 7.6.0 - 7.6.4 |
| fortinet | fortiproxy | 7.0.0 - 7.6.4 |
| fortinet | fortisase | 25.3.40 |
| fortinet | fortisase | 25.3.40 |
References
- fortiguard.fortinet.com (Vendor Advisory)