CVE-2025-47890
LowCVSS 2.6Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Fortinet FortiOS and FortiProxy have a URL Redirection to Untrusted Site vulnerability that may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.
Risk Assessment
An attacker could exploit this vulnerability to mislead users into visiting malicious sites, potentially leading to data theft or system compromise.
Recommendation
It is recommended to update to the latest version of FortiOS and FortiProxy to mitigate the risk associated with this vulnerability.
Original NVD description (English source)
An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

