CVE-2025-47890 is an open redirect vulnerability classified under CWE-601, impacting Fortinet FortiSASE version 25.2.a and multiple versions of FortiOS and FortiProxy. The flaw arises from improper access control in URL redirection mechanisms, allowing an unauthenticated attacker to craft malicious HTTP requests that redirect users to untrusted external websites. This can be exploited to facilitate phishing attacks or redirect users to malicious sites without their knowledge. The vulnerability affects Fortinet's widely deployed network security products, including FortiSASE, which is used for secure access service edge (SASE) deployments. The CVSS 3.1 base score is 2.5, reflecting low severity due to the attack vector requiring adjacent network access (AV:A), high attack complexity (AC:H), no privileges required (PR:N), and user interaction (UI:R). The impact on confidentiality is none, with only low integrity impact due to potential phishing risks, and no availability impact. No known exploits have been reported in the wild as of the publication date. The vulnerability was reserved in May 2025 and published in October 2025. Fortinet has not yet provided patch links, indicating that remediation may still be pending or in progress. Organizations using affected Fortinet products should be vigilant for suspicious redirect behaviors and prepare to deploy patches once available.

For European organizations, this vulnerability primarily poses a risk of phishing and social engineering attacks leveraging the open redirect flaw. While it does not directly compromise system confidentiality, integrity, or availability, attackers can exploit it to redirect users to malicious sites that may harvest credentials or deliver malware. This risk is heightened in sectors with high user interaction with Fortinet web portals, such as finance, healthcare, and government. The vulnerability's requirement for adjacent network access limits remote exploitation but does not eliminate risk in environments with exposed internal networks or VPN access. The low CVSS score reflects limited direct technical impact, but the potential for indirect compromise through user deception remains a concern. Organizations relying heavily on Fortinet FortiSASE and related products for secure access and network security should consider this vulnerability in their threat models, especially given the lack of current exploits and pending patches.

1. Monitor web traffic and logs for unusual or suspicious HTTP redirect requests originating from Fortinet FortiSASE and related products. 2. Educate users about the risks of clicking on unexpected links, especially those that redirect to external sites, to reduce phishing success. 3. Restrict access to Fortinet management and user portals to trusted networks and enforce strong network segmentation to limit adjacent network attack vectors. 4. Implement web filtering and URL reputation services to block access to known malicious domains that could be used in redirect attacks. 5. Stay in close contact with Fortinet for official patches or updates addressing CVE-2025-47890 and apply them promptly once released. 6. Consider deploying multi-factor authentication (MFA) on portals to reduce the impact of credential theft resulting from phishing. 7. Conduct regular security awareness training focused on social engineering and phishing tactics that could leverage this vulnerability.