CVE-2025-47890

CWE-601 — Open Redirect CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.0%

top 99.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy Fortinet Fortisase

Timeline

PublishedOct 14

Description

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages6 packages

▶NVDfortinet/fortios6.4.0 — 7.4.9+1

▶CVEListV5fortinet/fortios7.6.0 — 7.6.2+4

▶NVDfortinet/fortiproxy7.0.0 — 7.6.4

▶CVEListV5fortinet/fortiproxy7.6.0 — 7.6.3+3

▶CVEListV5fortinet/fortisase25.2.a

🔴Vulnerability Details

CVEList

CVE-2025-47890: An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7↗2025-10-14

▶

GHSA

GHSA-c94q-cx8q-xxv2: An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS 7↗2025-10-14

▶

📋Vendor Advisories

Fortinet

Open Redirect and XSS in Web Filter warning page↗2025-10-14

▶