HTTP Response Splitting in Fortinet FortiOS and FortiProxy
CVE-2025-62826
3.1LOW
What is CVE-2025-62826?
This vulnerability allows an attacker to intercept and alter a user's authentication request on a captive portal by injecting malicious HTTP headers through specially crafted requests. The flaw is rooted in an improper neutralization of CRLF sequences, potentially leading to exploitation and security breaches in affected versions of FortiOS and FortiProxy.
Affected Version(s)
FortiOS 7.6.0 <= 7.6.2
FortiOS 7.4.0 <= 7.4.8
FortiOS 7.2.0 <= 7.2.13