PT-2025-41955 · Fortinet · Fortisase+2

Published: 2025-10-14 · Updated: 2025-10-22 · CVE-2025-47890

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.4 through 7.6.2
FortiProxy versions 7.0 through 7.6.3
FortiSASE version 25.2.a

Description

A URL Redirection to Untrusted Site issue exists in FortiOS, FortiProxy, and FortiSASE. It allows an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests. The issue stems from improper handling of redirects to untrusted sites and can lead to phishing or other malicious activity.

Recommendations

FortiOS versions prior to 7.6.2 should be updated.
FortiProxy versions prior to 7.6.3 should be updated.
FortiSASE version 25.2.a should be updated.

Fix

Open Redirect

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-05209
CVE-2025-47890

Affected Products

FortiOS
FortiProxy
FortiSASE