HTTP Response Splitting Vulnerability in Fortinet FortiOS and FortiProxy Products
CVE-2025-62675
3.4LOW
What is CVE-2025-62675?
A security issue exists in Fortinet's FortiOS and FortiProxy products that arises from improper handling of CRLF sequences in HTTP headers. This vulnerability can be exploited by an attacker with a valid web filter override token who manages to convince a user to click on a specially crafted link. Successful exploitation allows the attacker to inject arbitrary headers, which can lead to various security implications, including web cache poisoning and unauthorized access to sensitive information.
Affected Version(s)
FortiOS 7.6.0 <= 7.6.4
FortiOS 7.4.0 <= 7.4.12
FortiOS 7.2.0 <= 7.2.13