Main Vulnerability Database Vulnerabilities #VU121223

#VU121223 Server-Side Request Forgery (SSRF) in FortiSandbox - CVE-2025-67685

Published: January 13, 2026 / Updated: January 29, 2026

Vulnerability identifier: #VU121223

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-67685

CWE-ID: CWE-918

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiSandbox

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to server-side request forgery (ssrf) in GUI console. An authenticated attacker can proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-25-783
https://www.zerodayinitiative.com/advisories/ZDI-26-048/

#VU121223 Server-Side Request Forgery (SSRF) in FortiSandbox - CVE-2025-67685

Description

Remediation

External links

Please verify you're human