Server-Side Request Forgery Vulnerability in Fortinet FortiSandbox
CVE-2025-67685
3.4 LOW
What is CVE-2025-67685?
A Server-Side Request Forgery (SSRF) vulnerability exists in Fortinet FortiSandbox versions 5.0.0 to 5.0.4 and all versions of FortiSandbox 4.4, 4.2, and 4.0. It allows an authenticated attacker to proxy internal requests by sending crafted HTTP requests, but only to plaintext endpoints. This could enable attackers to exploit internal services and potentially access sensitive data or manipulate internal operations.
Affected Version(s)
FortiSandbox 5.0.0 <= 5.0.4
FortiSandbox 4.4.0 <= 4.4.8
FortiSandbox 4.2.1 <= 4.2.8