Server-Side Request Forgery Vulnerability in Fortinet FortiSandbox
CVE-2025-67685

3.4LOW

Key Information:

Vendor: Fortinet
Status: Fortisandbox
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-67685?

A Server-Side Request Forgery (SSRF) vulnerability exists in Fortinet FortiSandbox versions 5.0.0 to 5.0.4 and all versions of FortiSandbox 4.4, 4.2, and 4.0. This vulnerability allows an authenticated attacker to send crafted HTTP requests that can proxy internal requests, but is limited to plaintext endpoints only. This could enable attackers to exploit internal services and potentially access sensitive data or manipulate internal operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiSandbox 5.0.0 <= 5.0.4

FortiSandbox 4.4.0 <= 4.4.8

FortiSandbox 4.2.1 <= 4.2.8

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-783

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Dec 10, 2025

JSON

Fortinet