High severity7.5NVD Advisory· Published Oct 14, 2025· Updated Jun 9, 2026
CVE-2025-25253
CVE-2025-25253
Description
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*range: >=7.0.0,<7.4.9
- cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*range: 7.6.0
- (no CPE)range: <=7.6.1, <=7.4.8, all 7.2, all 7.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.