SecuriTricks - CVE-2025-25253

Description

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

Product(s) Impacted

Vendor	Product	Versions
Fortinet	Fortiproxy Fortios	7.6.1, 7.4.8, 7.2, 7.0 7.6.2, 7.4.8, 7.2, 7.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-297

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	fortinet	fortiproxy	7.6.1	/	/	/	/	/	/	/
a	fortinet	fortiproxy	7.4.8	/	/	/	/	/	/	/
a	fortinet	fortiproxy	7.2	/	/	/	/	/	/	/
a	fortinet	fortiproxy	7.0	/	/	/	/	/	/	/
a	fortinet	fortios	7.6.2	/	/	/	/	/	/	/
a	fortinet	fortios	7.4.8	/	/	/	/	/	/	/
a	fortinet	fortios	7.2	/	/	/	/	/	/	/
a	fortinet	fortios	7.0	/	/	/	/	/	/	/

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-457

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Oct. 14, 2025, 4:15 p.m.
Last Modified: Oct. 14, 2025, 7:36 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@fortinet.com

CVE-2025-25253