CVE-2025-25255
Description
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.
Risk Information
Base Score
4.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.016
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Improperly Implemented Security Check for Standard Vulnerability (CVE-2025-25255) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234