FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests

FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests

Posted on By CWS

Fortinet disclosed a Server-Facet Request Forgery (SSRF) vulnerability in its FortiSandbox equipment on January 13, 2026, urging customers to replace amid dangers of inner community proxied requests.

Tracked as CVE-2025-67685 (FG-IR-25-783), the flaw resides within the GUI part and stems from CWE-918, enabling authenticated attackers to craft HTTP requests that proxy site visitors to inner plaintext endpoints solely.

With a CVSSv3 rating of three.4 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N), Fortinet charges the difficulty as low severity, tied to improper entry management.

Attackers want high-privilege entry, limiting exploitation to insiders or compromised admin accounts. No proof of energetic exploits exists as of publication, however the vulnerability might expose delicate inner companies in air-gapped or segmented environments.

FortiSandbox SSRF Vulnerability

The SSRF arises from insufficient enter validation within the GUI console, permitting request forging to localhost or inner IPs over HTTP/HTTPS plaintext.

Fortinet emphasizes that limiting to non-TLS endpoints reduces the blast radius, however proxying can leak metadata or allow additional pivots in misconfigured setups. Found by Jason McFadyen of Development Micro’s Zero Day Initiative beneath accountable disclosure, the bug impacts older variations of FortiSandbox.

No indicators of compromise (IOCs) had been offered, however admins ought to audit GUI logs for anomalous inner fetches since January 2026.

Affected Variations and Remediation

Model BranchAffected ReleasesSolution5.05.0.0 by way of 5.0.4Upgrade to five.0.5 or above4.4All versionsMigrate to fastened release4.2All versionsMigrate to fastened release4.0All versionsMigrate to fastened launch

Fortinet recommends instant upgrades through the FortiGuard portal. Organizations working legacy FortiSandbox ought to prioritize migration, as end-of-support for FortiSandbox 4.x approaches.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code Cyber Security News
HPE Insight Remote Support Vulnerability Let Attackers Execute Remote Code HPE Insight Remote Support Vulnerability Let Attackers Execute Remote Code Cyber Security News
Claude Desktop Raises Privacy Concerns with Browser Integration Claude Desktop Raises Privacy Concerns with Browser Integration Cyber Security News
Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications Cyber Security News
Microsoft File Exploited in India-Focused Cyber Espionage Microsoft File Exploited in India-Focused Cyber Espionage Cyber Security News
What is MCP Server – How it is Powering AI-Driven Cyber Defense What is MCP Server – How it is Powering AI-Driven Cyber Defense Cyber Security News