CVE-2025-25253

EUVD-2025-34241
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
fortinetCNA
6.8 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
fortinetfortiproxy
7.0.0 ≤
𝑥
< 7.4.9
fortinetfortiproxy
7.6.0 ≤
𝑥
< 7.6.2
fortinetfortios
7.0.0 ≤
𝑥
< 7.4.9
fortinetfortios
7.6.0 ≤
𝑥
< 7.6.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-457