🔐 CVE Alert

CVE-2025-47890

Severity: LOW 2.5
CVSS Score: 2.5
EPSS Score: 0.0%
EPSS Percentile: 1st

A URL Redirection to Untrusted Site vulnerability [CWE-601] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, and FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

CWE CWE-601
Vendor fortinet
Product fortisase
Industries Networking, Security
Published Oct 14, 2025
Last Updated Jun 9, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C
Attack Vector: Adjacent
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Affected Versions

Fortinet / FortiSASE: 25.2.a
Fortinet / FortiProxy: 7.6.0 ≤ 7.6.3, 7.4.0 ≤ 7.4.12, 7.2.0 ≤ 7.2.15, 7.0.0 ≤ 7.0.22
Fortinet / FortiOS: 7.6.0 ≤ 7.6.2, 7.4.0 ≤ 7.4.8, 7.2.0 ≤ 7.2.12, 7.0.0 ≤ 7.0.18, 6.4.0 ≤ 6.4.16

References

fortiguard.fortinet.com: https://fortiguard.fortinet.com/psirt/FG-IR-24-542
cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-864900.html