IronMonkey Threat Research

CVE-2025-47890 MEDIUM

Published: 2025-10-14 | Last Modified: 2026-06-09 | Status: Modified

Description

A URL Redirection to Untrusted Site vulnerability [CWE-601] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, and FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

CVSS Metrics

Base Score: 6.1 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 2.7

Weaknesses

Source Type Description
[email protected] Secondary CWE-601 (en)

Affected Products

Vendor Product Version Type
fortinet fortios * Operating System
fortinet fortios * Operating System
fortinet fortiproxy * Application
fortinet fortisase 25.3.40 Application
fortinet fortisase 25.3.40 Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:feature:*:*:*
Yes cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:mature:*:*:*