HTTP Response Splitting Vulnerability in Fortinet FortiOS and FortiProxy Products
CVE-2025-62675

3.4LOW

Key Information:

Vendor

Fortinet

Vendor
CVE Published:
14 July 2026

What is CVE-2025-62675?

A security issue exists in Fortinet's FortiOS and FortiProxy products that arises from improper handling of CRLF sequences in HTTP headers. This vulnerability can be exploited by an attacker with a valid web filter override token who manages to convince a user to click on a specially crafted link. Successful exploitation allows the attacker to inject arbitrary headers, which can lead to various security implications, including web cache poisoning and unauthorized access to sensitive information.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.4

FortiOS 7.4.0 <= 7.4.12

FortiOS 7.2.0 <= 7.2.13

References

CVSS V3.1

Score:
3.4
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.