URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7…
Summary
An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.
- FortiOS 7.6: 7.6.0 through 7.6.3
- FortiOS 7.4: 7.4.0 through 7.4.8
- FortiOS 7.2: 7.2 all versions
- FortiOS 7.0: 7.0 all versions
- FortiOS 6.4: 6.4 all versions
- FortiProxy 7.6: 7.6.0 through 7.6.3
- FortiProxy 7.4: 7.4 all versions
- FortiProxy 7.2: 7.2 all versions
- FortiProxy 7.0: 7.0 all versions
- FortiSASE 25.2: 25.2.a
Official advisory · high-confidence parse· fetched 58 minutes ago·verify at source
- FortiOS 7.6: 7.6.4
- FortiOS 7.4: 7.4.9
- FortiOS 7.2: migrate to a fixed release
- FortiOS 7.0: migrate to a fixed release
- FortiOS 6.4: migrate to a fixed release
- FortiProxy 7.6: 7.6.4
- FortiProxy 7.4: migrate to a fixed release
- FortiProxy 7.2: migrate to a fixed release
- FortiProxy 7.0: migrate to a fixed release
Official advisory · high-confidence parse· fetched 58 minutes ago·verify at source
Mitigation checklist
- Upgrade per the Affected/Solution table: FortiOS 7.6: 7.6.4; FortiOS 7.4: 7.4.9; FortiOS 7.2: migrate to a fixed release; FortiOS 7.0: migrate to a fixed release; FortiOS 6.4: migrate to a fixed release; ….
Official advisory · high-confidence parse· fetched 58 minutes ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.