CNNVD-202510-1974 Information
CNNVD ID
CNNVD-202510-1974
Related CVE
- CNNVD Published: 2025-10-14
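Description (translated from Chinese)
Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, a US company. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. It provides users with a range of security functions, including firewall, antivirus, IPSec/SSLVPN, web content filtering and anti-spam. Fortinet FortiProxy is a secure network proxy that protects employees from network attacks by combining multiple detection techniques, such as web filtering, DNS filtering, DLP, antivirus, intrusion prevention and advanced threat protection. FortiProxy helps reduce bandwidth requirements and optimizes the network through content and video caching. Fortinet FortiOS and Fortinet FortiProxy contain a security feature issue vulnerability that stems from an improperly implemented security check and may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests. The following products and versions are affected: FortiProxy 7.6.0 through 7.6.3, all 7.4 versions, all 7.2 versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3.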
Description (English)
Fortinet FortiOS and Fortinet FortiProxy are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with a wide range of security features, including firewall, antivirus, IPSec/SSLVPN, web content filtering and anti-spam. Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining multiple detection techniques such as web filtering, DNS filtering, DLP, antivirus, intrusion prevention and advanced threat protection. FortiProxy helps reduce bandwidth demand and optimizes the network through content and video caching. Fortinet FortiOS and Fortinet FortiProxy have a security feature vulnerability, which stems from the improper implementation of a security check and could allow an authenticated proxy user to bypass the domain fronting protection feature through crafted HTTP requests. The following products and versions are affected: FortiProxy versions 7.6.0 to 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 to 7.0.21 and FortiOS 7.6.0 to 7.6.3.
Hazard Level
High
Vulnerability Type
Security feature issue
Affected Vendor
Fortinet
Published
2025-10-14
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-372
https://access.redhat.com/security/cve/cve-2025-25255
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-24-372