PT-2026-2488 · Fortinet · Fortisandbox
Published: 2026-01-13 · Updated: 2026-02-04
CVE-2025-67685
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSandbox versions 4.0 through 5.0.4
Fortinet FortiSandbox version 4.4
Fortinet FortiSandbox version 4.2
Description
By sending specially crafted HTTP requests, an authenticated attacker may be able to proxy internal requests, limited to plaintext endpoints only. This is a Server-Side Request Forgery (SSRF) issue.
Recommendations
Fortinet FortiSandbox versions prior to 5.0.5 should be updated.
Fortinet FortiSandbox version 4.4 should be updated.
Fortinet FortiSandbox version 4.2 should be updated.
Fix
RCE
SSRF
Affected Products
Fortisandbox