CVE-2025-47890

LOW

Fortinet Fortios < 7.4.9 - Open Redirect

Title source: rule

Description

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-24-542

Scores

CVSS v3 2.6

EPSS 0.0001

EPSS Percentile 1.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (3)

fortinet/fortios 6.4.0 - 7.4.9

fortinet/fortiproxy 7.0.0 - 7.6.4

fortinet/fortisase 25.3.40 (2 CPE variants)

Published Oct 14, 2025

Tracked Since Feb 18, 2026