A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0
Platform
fortinet
Component
fortisandbox
Fixed in
5.0.5
4.4.9
4.2.9
4.0.7
CVE-2025-67685 describes a Server-Side Request Forgery (SSRF) vulnerability affecting Fortinet FortiSandbox versions 4.0.0 through 5.0.4, as well as all versions of 4.2 and 4.4. This vulnerability allows an authenticated attacker to proxy internal requests, albeit limited to plaintext endpoints, through crafted HTTP requests. The vulnerability is fixed in FortiSandbox version 5.0.5, and was published on January 13, 2026.
Impact and Attack Scenarios
The SSRF vulnerability in FortiSandbox allows an authenticated attacker to craft HTTP requests that the FortiSandbox system will execute on behalf of the attacker. While the vulnerability is limited to plaintext endpoints, this can still be exploited to access internal resources that are not directly exposed to the internet. An attacker could potentially enumerate internal services, access sensitive data stored in plaintext, or even interact with internal APIs. The impact is amplified if the FortiSandbox system has access to highly sensitive internal networks or systems, as it could be used as a pivot point for further attacks. While the plaintext restriction limits the scope, it still presents a significant risk, particularly in environments with misconfigured internal services.
Exploitation Context
The vulnerability is currently listed on the NVD and CISA advisories. The CVSS score of 3.4 indicates a low probability of exploitation, but the potential impact warrants attention. Public proof-of-concept (POC) code may emerge, increasing the risk. There are no reports of active campaigns targeting this specific vulnerability at this time, but SSRF vulnerabilities are frequently exploited in targeted attacks.
Threat Intelligence
Exploit Status
EPSS
0.03% (8th percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector: Network. Exploitable remotely over the internet; no physical or local access required.
- Attack Complexity: Low. No special conditions; the attacker can exploit it reliably.
- Privileges Required: High. An administrator or otherwise privileged account is required.
- User Interaction: None. The attack is automatic and silent; the victim does nothing.
- Scope: Unchanged. Impact is confined to the vulnerable component.
- Confidentiality: Low. Partial or indirect access to some data.
- Integrity: Low. The attacker can modify some data, with limited reach.
- Availability: None. No impact on availability.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-67685 is to upgrade FortiSandbox to version 5.0.5 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict network access to the FortiSandbox system to only authorized users and systems. Implement strict firewall rules to limit outbound traffic from the FortiSandbox system to only necessary destinations. Review and harden any internal services that could be accessed via the SSRF vulnerability, ensuring they are not exposed to unnecessary traffic. Consider deploying a Web Application Firewall (WAF) or reverse proxy in front of FortiSandbox to filter HTTP requests and block malicious traffic. After upgrading, confirm the vulnerability is resolved by attempting to trigger the SSRF request and verifying it is blocked.
How to fix
Upgrade FortiSandbox to a version later than 5.0.4. See the Fortinet advisory (FG-IR-25-783) for further details and version-specific upgrade instructions. Apply security updates as soon as they become available.
Frequently Asked Questions
What is CVE-2025-67685 — SSRF in FortiSandbox 4.0 - 5.0.4?
CVE-2025-67685 is a Server-Side Request Forgery (SSRF) vulnerability in Fortinet FortiSandbox versions 4.0.0 through 5.0.4, as well as all versions of 4.2 and 4.4, allowing authenticated attackers to proxy internal plaintext requests.
Am I affected by CVE-2025-67685 in FortiSandbox 4.0 - 5.0.4?
If you are running FortiSandbox versions 4.0.0 through 5.0.4, or versions 4.2 and 4.4, you are potentially affected by this SSRF vulnerability. Check your version immediately.
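A quick way to answer "am I affected?" is to compare the running build against the per-branch fixed versions listed on this page (5.0.5, 4.4.9, 4.2.9, 4.0.7). The following is an added example, not code from the page or from Fortinet; it assumes a build is vulnerable when its major.minor branch is one of the four listed and its patch level is below that branch's fix, and treats any other branch as unknown.

```python
# Added example: decide whether a FortiSandbox build is affected by CVE-2025-67685,
# using the per-branch fixed versions stated on this advisory page.
# Assumption: affected = listed branch AND patch level below the branch fix;
# unlisted branches (e.g. 3.x or 5.2) are reported as unknown (None).
from typing import Optional, Tuple

# Fixed-in versions per affected branch, as listed on this page.
FIXED_IN = {
    (5, 0): (5, 0, 5),
    (4, 4): (4, 4, 9),
    (4, 2): (4, 2, 9),
    (4, 0): (4, 0, 7),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '5.0.4', 'v5.0.4' or '5.0.4 build1234' into (major, minor, patch)."""
    core = text.strip().lstrip("vV").split()[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSandbox version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_affected(text: str) -> Optional[bool]:
    """True if vulnerable, False if at/after the branch fix, None if branch unknown."""
    major, minor, patch = parse_version(text)
    fix = FIXED_IN.get((major, minor))
    if fix is None:
        return None  # branch not covered by this advisory
    return (major, minor, patch) < fix


def remediation_target(text: str) -> Optional[str]:
    """Smallest fixed build on the same branch, or None if not affected/unknown."""
    if not is_affected(text):
        return None
    major, minor, _ = parse_version(text)
    return ".".join(str(n) for n in FIXED_IN[(major, minor)])


if __name__ == "__main__":
    # Constructed sample builds spanning each listed branch plus an unlisted one.
    for v in ("5.0.4", "5.0.5", "4.4.3", "4.2.9", "v4.0.6 build0123", "5.2.0"):
        print(f"{v:18} affected={is_affected(v)} upgrade_to={remediation_target(v)}")
```

Unknown branches are deliberately returned as None rather than False so that a build outside the advisory's scope is not silently reported as safe.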
How do I fix CVE-2025-67685 in FortiSandbox 4.0 - 5.0.4?
The recommended fix is to upgrade FortiSandbox to version 5.0.5 or later. Implement temporary workarounds like restricting network access and firewall rules if immediate upgrade is not possible.
Is CVE-2025-67685 being actively exploited?
There are currently no reports of active campaigns exploiting CVE-2025-67685, but SSRF vulnerabilities are frequently targeted, so vigilance is advised.
Where can I find the official Fortinet advisory for CVE-2025-67685?
Refer to the Fortinet Security Advisory for detailed information and official guidance: [https://fortinet.com/security/advisory/fortisandbox-psirt-26-01](https://fortinet.com/security/advisory/fortisandbox-psirt-26-01)