Fortinet FortiProxy and FortiOS Domain Fronting Protection Bypass Vulnerability

Vulnerability

A vulnerability allowing authenticated proxy users to bypass domain fronting protection has been identified in Fortinet FortiProxy versions 7.6.0 through 7.6.3, as well as in Fortinet FortiOS versions 7.6.0 through 7.6.3. The vulnerability arises from an improperly implemented security check, which may allow users to manipulate HTTP requests and bypass protections intended to prevent domain fronting.

Impact

Exploitation of this vulnerability allows for improper access control, enabling authenticated users to bypass security features designed to protect against domain fronting.

Remediation

Users are advised to upgrade Fortinet FortiProxy to version 7.6.4 or above; the same upgrade is recommended for Fortinet FortiOS. After upgrading, Fortinet FortiProxy users should set the domain-fronting setting to 'strict' so that requests whose HTTP Host header does not match the TLS SNI are blocked, whether the Host value is a domain name or an IP address.
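To make concrete what the 'strict' domain-fronting setting enforces, and what the "improperly implemented security check" in the vulnerability paragraph is supposed to do, the following is an added Python example of a Host-header versus SNI consistency check run over a batch of proxied requests. It is not Fortinet code and does not reproduce the FortiProxy or FortiOS implementation; the ProxyRequest record layout, the normalization rules, and the decision to block requests that carry no SNI at all are assumptions made for the example. The sample traffic is constructed.

```python
"""Added example: the Host-header / SNI consistency check that a strict
domain-fronting policy enforces. Not Fortinet code; the record format and
the handling of a missing SNI are assumptions."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ProxyRequest:
    """One proxied HTTPS request as seen by an explicit proxy (constructed layout)."""
    client: str
    sni: str          # server_name from the TLS ClientHello; "" if none was sent
    host_header: str  # HTTP Host header exactly as the client sent it


def normalize_host(value: str) -> str:
    """Canonicalize a Host or SNI value so textual variants compare equal.

    Lower-cases, strips a trailing dot and an explicit port, and puts IP
    literals (including bracketed IPv6 in the RFC 3986 form) into canonical
    form so "[2001:DB8:0:0:0:0:0:1]:8443" and "2001:db8::1" are the same host.
    """
    v = value.strip().lower()
    if v.startswith("["):                 # [v6addr] or [v6addr]:port
        end = v.find("]")
        v = v[1:end] if end != -1 else v
    elif v.count(":") == 1:               # name:port or v4addr:port
        v = v.rsplit(":", 1)[0]
    v = v.rstrip(".")
    try:
        return str(ipaddress.ip_address(v))  # canonical IP spelling
    except ValueError:
        return v                             # a domain name, already lower-cased


def strict_domain_fronting_check(req: ProxyRequest) -> tuple[bool, str]:
    """Return (blocked, reason) under a strict policy.

    Strict means the destination the TLS layer was told (SNI) must be the
    same destination the HTTP layer asks for (Host), whether that value is a
    domain name or an IP literal. A request with no SNI cannot be checked,
    so this example blocks it too (assumption: the advisory does not state
    how a missing SNI is handled).
    """
    host = normalize_host(req.host_header)
    if not host:
        return True, "empty Host header"
    if not req.sni:
        return True, "no SNI to compare against Host"
    sni = normalize_host(req.sni)
    if host != sni:
        return True, f"Host '{host}' does not match SNI '{sni}'"
    return False, "Host and SNI agree"


def audit(requests):
    """Run the strict check over a batch; return (client, reason) for each blocked request."""
    blocked = []
    for req in requests:
        is_blocked, reason = strict_domain_fronting_check(req)
        if is_blocked:
            blocked.append((req.client, reason))
    return blocked


# Constructed sample traffic, not captured from any real device.
SAMPLE = [
    ProxyRequest("10.0.0.5", "www.example.com", "www.example.com"),
    ProxyRequest("10.0.0.5", "www.example.com", "WWW.Example.COM.:443"),  # same host, variant spelling
    ProxyRequest("10.0.0.6", "cdn.example.net", "hidden.example.org"),    # TLS says one name, HTTP another
    ProxyRequest("10.0.0.7", "api.example.com", "[2001:db8::1]:8443"),    # Host is an IP literal, SNI a name
    ProxyRequest("10.0.0.8", "", "203.0.113.9"),                           # no SNI sent at all
]

if __name__ == "__main__":
    for client, reason in audit(SAMPLE):
        print(f"blocked {client}: {reason}")
```

The normalization step is where such checks tend to go wrong: comparing the raw Host string against the raw SNI lets trailing dots, letter case, explicit ports, or an alternative IP spelling produce a "mismatch" that is not one, and an implementation that compensates by loosening the comparison can end up accepting genuinely different destinations. Canonicalizing both sides first and then requiring exact equality keeps the policy strict without generating false positives.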

Added: Oct 14, 2025, 4:30 PM
Updated: Oct 14, 2025, 11:10 PM

Vulnerability Rating

Custom Algorithm
spread         6.8
impact         0.6
exploitability 4.9
remediation    7.7
relevance      0.7
threat         0.0
urgency        2.9
incentive      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.