CVE-2025-47890

2.6 LOW

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 throu...

Published: 2025-10-14 · Last updated: 2026-06-09

Severity and scoring

CVSS: 2.6 LOW
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE: CWE-601

Affected products

Vendor	Product
fortinet	fortios, fortiproxy, fortisase

Description

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-47890
[Vendor advisory]https://fortiguard.fortinet.com/psirt/FG-IR-24-542
[Other]https://cert-portal.siemens.com/productcert/html/ssa-864900.html

Related CVEs

Same vendor

CVE-2026-44277 — A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through ... (9.8 CRITICAL)
CVE-2026-25690 — An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 throu... (4.3 MEDIUM)
CVE-2026-25088 — An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through ... (5.4 MEDIUM)
CVE-2025-53844 — A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 al... (8.8 HIGH)
CVE-2025-68648 — A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4... (7.2 HIGH)

Same CWE

CVE-2026-46616 — Umbraco is an ASP.NET CMS (5.4 MEDIUM)
CVE-2026-48856 — Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data
CVE-2026-45566 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (6.1 MEDIUM)
CVE-2026-53440 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" secur... (4.3 MEDIUM)
CVE-2026-53437 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenk... (4.3 MEDIUM)