VYPR
High severity7.5NVD Advisory· Published Oct 14, 2025· Updated Jun 9, 2026

CVE-2025-25253

CVE-2025-25253

Description

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*range: >=7.0.0,<7.4.9
    • cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*range: 7.6.0
    • (no CPE)range: <=7.6.1, <=7.4.8, all 7.2, all 7.0
  • Fortinet/Fortios3 versions
    cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*range: >=7.0.0,<7.4.9
    • cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*range: 7.6.0
    • (no CPE)range: <=7.6.2, <=7.4.8, all 7.2, all 7.0
  • cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
    Range: 1.4.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.