CVE-2025-25253
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-15
Assigner: Fortinet, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-297 | The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Validation of Certificate with Host Mismatch (CWE-297) in the ZTNA proxy of the FortiProxy and FortiOS versions listed above. Because the proxy does not properly verify that the presented certificate belongs to the host it is talking to, an unauthenticated attacker positioned as a man-in-the-middle can intercept and tamper with connections to the ZTNA proxy.
How can this vulnerability impact me?
The vulnerability can allow an unauthenticated attacker to intercept and modify communications between a client and the ZTNA proxy, potentially leading to data theft, manipulation, or disruption of services. This can compromise confidentiality, integrity, and availability of the affected systems.