Main Vulnerability Database Vulnerabilities #VU117133

#VU117133 Improperly implemented security check for standard in FortiOS and FortiProxy - CVE-2025-25255

Published: October 14, 2025

Vulnerability identifier: #VU117133

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-25255

CWE-ID: CWE-358

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiOS
FortiProxy

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote authenticated user to manipulate data.

The vulnerability exists due to improperly implemented security check for standard in explicit web proxy. An authenticated proxy user can bypass the domain fronting protection feature via crafted HTTP requests.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-24-372

#VU117133 Improperly implemented security check for standard in FortiOS and FortiProxy - CVE-2025-25255

Description

Remediation

External links

Please verify you're human