Description

An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.

PUBLISHED Reserved 2025-08-05 | Published 2026-02-10 | Updated 2026-02-11 | Assigner fortinet




MEDIUM: 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status: unaffected

7.6.0: affected
7.4.0 (semver): affected
7.2.0 (semver): affected
7.0.0 (semver): affected
6.4.3 (semver): affected

References

fortiguard.fortinet.com/psirt/FG-IR-25-667

cve.org (CVE-2025-55018)

nvd.nist.gov (CVE-2025-55018)
