CVE-2025-25253

EPSS 0.02%
Veröffentlicht 14.10.2025 15:22:56
Zuletzt bearbeitet 15.10.2025 17:31:11
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Fortiproxy Version >= 7.0.0 < 7.4.9

Fortinet ≫ Fortiproxy Version >= 7.6.0 < 7.6.2

Fortinet ≫ Fortios Version >= 7.0.0 < 7.4.9

Fortinet ≫ Fortios Version >= 7.6.0 < 7.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@fortinet.com	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

https://fortiguard.fortinet.com/psirt/FG-IR-24-457

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-25253

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-25253

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-25253

EUVD