
CVE-2025-25253: Information disclosure in Fortinet FortiProxy

Severity: Medium
Published: Tue Oct 14 2025 (10/14/2025, 15:22:56 UTC)
Source: CVE Database V5
Vendor/Project: Fortinet
Product: FortiProxy

Description

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the-middle position to intercept and tamper with connections to the ZTNA proxy.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 01:11:26 UTC

Technical Analysis

CVE-2025-25253 is a vulnerability classified under CWE-297 (Improper Validation of Certificate with Host Mismatch) affecting Fortinet FortiProxy versions 7.6.1 and below, 7.4.8 and below, 7.2 all versions and 7.0 all versions, as well as FortiOS versions 7.6.2 and below, 7.4.8 and below, 7.2 all versions and 7.0 all versions, specifically in the Zero Trust Network Access (ZTNA) proxy component. The vulnerability allows an unauthenticated attacker who can position themselves as a man-in-the-middle to exploit improper certificate validation when the hostname in the certificate does not match the expected host. This flaw enables interception and tampering of traffic between clients and the ZTNA proxy, potentially exposing sensitive information and allowing modification of data in transit. The CVSS 3.1 vector indicates that the attack requires adjacent network access (AV:A), high attack complexity (AC:H), no privileges (PR:N) and no user interaction (UI:N), and that it impacts confidentiality, integrity and availability (C:H/I:H/A:H). The exploitability is partially functional (E:P), no official patch has been released yet (RL:X), and the report is confirmed (RC:R). No known exploits have been observed in the wild to date. The vulnerability affects a broad range of Fortinet's widely deployed security products used for secure remote access and network traffic inspection, especially in enterprise and service provider environments. Improper validation of certificates undermines the trust model of TLS connections, which is critical for secure communications in ZTNA architectures.

Potential Impact

The vulnerability poses a significant risk to organizations relying on Fortinet FortiProxy and FortiOS ZTNA proxies for secure remote access and traffic inspection. Successful exploitation can lead to full compromise of confidentiality, allowing attackers to eavesdrop on sensitive communications, steal credentials, or exfiltrate data. Integrity is also compromised as attackers can tamper with data in transit, potentially injecting malicious payloads or altering commands. Availability may be impacted if attackers disrupt or manipulate proxy connections. This undermines the security guarantees of Zero Trust Network Access implementations, potentially exposing internal resources to unauthorized access or data leakage. Given Fortinet's extensive market penetration in enterprise, government, and service provider sectors worldwide, the vulnerability could affect critical infrastructure, financial institutions, healthcare providers, and large enterprises. The medium CVSS score reflects the requirement for adjacent network access and high attack complexity, which somewhat limits the ease of exploitation but does not eliminate the threat. The absence of authentication requirements increases risk in environments where attackers can gain network proximity, such as compromised internal networks or public Wi-Fi.

Mitigation Recommendations

Organizations should monitor Fortinet advisories closely and apply security patches or updates as soon as they become available for FortiProxy and FortiOS ZTNA proxy components. In the interim, network segmentation should be enforced to limit access to ZTNA proxy interfaces, restricting them to trusted hosts and networks only. Deploy network intrusion detection and prevention systems (IDS/IPS) to detect anomalous man-in-the-middle activities or unusual TLS handshake failures. Enforce strict TLS configurations and certificate pinning where possible to reduce the risk of certificate validation bypass. Conduct regular audits of network traffic for signs of interception or tampering. Additionally, implement multi-factor authentication (MFA) and endpoint security measures to reduce the impact of potential credential theft. Organizations should also review and harden their Zero Trust policies and ensure that fallback mechanisms do not expose sensitive traffic. Finally, educate network administrators and security teams about the risks of certificate validation flaws and the importance of timely patch management.
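The host-mismatch check that CWE-297 describes, and that the "strict TLS configuration" recommendation above relies on, as an added example that is not Fortinet code and not part of this record: a small RFC 6125 style matcher run over constructed sample certificates, plus the Python ssl settings that enforce the same check inside the handshake. The certificate names are placeholders.

```python
import ssl

# Constructed sample certificates in the dict shape that ssl.SSLSocket.getpeercert()
# returns; the names are placeholders, not real FortiProxy or FortiOS certificates.
CERT_OK = {
    "subject": ((("commonName", "ztna-proxy.example.test"),),),
    "subjectAltName": (("DNS", "ztna-proxy.example.test"), ("DNS", "*.zt.example.test")),
}
CERT_MISMATCH = {
    "subject": ((("commonName", "ztna-proxy.example.test"),),),  # CN alone must not count
    "subjectAltName": (("DNS", "other-host.example.test"),),
}


def hostname_matches(cert, hostname):
    """RFC 6125 style check: the expected host must match a dNSName SAN entry.

    Only subjectAltName is consulted (a matching commonName is ignored), and a
    wildcard is accepted only as the whole left-most label, covering one label.
    """
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            if host.endswith(name[1:]) and host.count(".") == name.count("."):
                return True
    return False


def check_peer(cert, expected_host):
    """Decision a ZTNA client should take: accept only on a SAN match."""
    if hostname_matches(cert, expected_host):
        return "accept"
    return "reject: certificate host mismatch (CWE-297)"


def strict_client_context():
    """Client-side TLS settings that make the same check happen in the handshake."""
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED   # chain must validate to a trusted CA
    ctx.check_hostname = True             # and the SAN must match the host we dialled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for cert in (CERT_OK, CERT_MISMATCH):
        print(check_peer(cert, "ztna-proxy.example.test"))
```

Setting `check_hostname = False` on a context is the weak configuration that turns this class of flaw into a silent accept, so audits of client code should treat that line as a finding.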


Technical Details

Data Version: 5.1
Assigner Short Name: fortinet
Date Reserved: 2025-02-05T13:31:18.867Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ee6cbb1b3029e3c7e0402f

Added to database: 10/14/2025, 3:31:07 PM

Last enriched: 2/27/2026, 1:11:26 AM

Last updated: 3/22/2026, 5:01:37 AM

