CVE-2025-67685 — Server-Side Request Forgery in Fortinet Fortisandbox

CWE-918 — Server-Side Request Forgery4 documents4 sources

Severity

3.8LOWNVD

EPSS

0.0%

top 92.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisandbox

Timeline

PublishedJan 13

Description

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages2 packages

▶NVDfortinet/fortisandbox4.0.0 — 5.0.5

▶CVEListV5fortinet/fortisandbox5.0.0 — 5.0.4+3

🔴Vulnerability Details

GHSA

GHSA-vcvv-jmjx-jwrv: A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5↗2026-01-13

▶

CVEList

CVE-2025-67685: A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5↗2026-01-13

▶

📋Vendor Advisories

Fortinet

SSRF in GUI console↗2026-01-13

▶