Back to CVE List

CVE-2025-62826

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Description

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user's captive portal authentication request to inject arbitrary headers via crafted HTTP requests.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-113
Source
NVD
Vendor
fortinet
Product
fortiproxy

External References

Discussion (0)

Add Comment

No comments yet. Be the first!