Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25255

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

Published

2025-10-14T16:15:37.020

Last Modified

2025-12-09T18:15:49.217

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-358

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiproxy	< 7.6.4	Yes
Operating System	fortinet	fortios	< 7.6.4	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-372 Vendor Advisory ([email protected])