Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-47890

2.5 LOW

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 3 months ago

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS …

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions; FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-542

Affected products

FortiOS

=<7.2.12
=<7.4.8
=<7.0.18
=<6.4.16
=<7.6.2
=<7.0.17

FortiSASE

==25.2.a

FortiProxy

=<7.0.21
=<7.0.22
=<7.6.3
=<7.4.11
=<7.2.15
=<7.4.12

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>