CVE-2025-25255
MEDIUMDescription
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortiproxy |
| fortinet | fortios |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-25255? +
How severe is CVE-2025-25255? +
What products are affected by CVE-2025-25255? +
How do I check if I'm vulnerable to CVE-2025-25255? +
Related Vulnerabilities
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / …
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the …
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could …
In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. …
DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.