CVE-2025-67685

LOW

Fortinet Fortisandbox < 5.0.5 - SSRF

Title source: rule

Description

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-25-783

Scores

CVSS v3 3.8

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-918

Status published

Affected Products (1)

fortinet/fortisandbox < 5.0.5

Timeline

Published Jan 13, 2026

Tracked Since Feb 18, 2026