FortiProxy <=7.6.1 & 7.4.8: Unauth MITM via Cert Host Mismatch
CVE-2025-25253 Published on October 14, 2025
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy
Vulnerability Analysis
Weakness Type
Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
Products Associated with CVE-2025-25253
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-25253 are published in these products:
Affected Versions
Fortinet FortiProxy:- Version 7.6.0, <= 7.6.1 is affected.
- Version 7.4.0, <= 7.4.8 is affected.
- Version 7.2.0, <= 7.2.15 is affected.
- Version 7.0.0, <= 7.0.22 is affected.
- Version 7.6.0, <= 7.6.2 is affected.
- Version 7.4.0, <= 7.4.8 is affected.
- Version 7.2.0, <= 7.2.12 is affected.
- Version 7.0.0, <= 7.0.18 is affected.
- Version 1.4.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.