An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-25-667 | Vendor Advisory |
| https://cert-portal.siemens.com/productcert/html/ssa-975644.html |
Configurations
Configuration 1 (hide)
|
History
12 May 2026, 13:17
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References |
|
23 Feb 2026, 14:02
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* |
|
| First Time |
Fortinet
Fortinet fortios |
|
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-25-667 - Vendor Advisory |
10 Feb 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-10 16:16
Updated : 2026-05-12 13:17
NVD link : CVE-2025-55018
Mitre link : CVE-2025-55018
CVE.ORG link : CVE-2025-55018
JSON object : View
Products Affected
fortinet
- fortios
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')