CVE-2025-25253 · EPSS p1.2%

fortinet / fortiproxy

Description

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in the ZTNA proxy of FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow an unauthenticated attacker in a man-in-the-middle position to intercept and tamper with connections to the ZTNA proxy.

Scoring

CVSS: 7.5
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.10% probability of exploitation · percentile 1.2% · 2026-06-19T12:03:05Z
Last modified: 2026-06-09

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-24471
CVE: Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE: Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
CVE: CVE-2025-22862
CVE: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
CVE: CVE-2025-54821

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.