CVE-2025-47890 is an improper access control vulnerability categorized as an open redirect (CWE-601) affecting Fortinet's FortiOS, FortiProxy, and FortiSASE products across multiple versions, including FortiOS 6.4.0 through 7.6.2, FortiProxy 7.0 through 7.6.3, and FortiSASE 25.2.a. The flaw allows an unauthenticated attacker to send specially crafted HTTP requests that cause the affected device to redirect users to arbitrary external URLs. This can be exploited to facilitate phishing attacks, redirect users to malicious websites, or bypass certain security controls by leveraging trusted Fortinet domains. The vulnerability does not directly compromise confidentiality, integrity, or availability of the device or network but poses a risk to end-user trust and may be used as part of a broader attack chain. The CVSS v3.1 score is 2.5 (low), reflecting that exploitation requires user interaction, has high attack complexity, and no privileges are needed. No known active exploits have been reported. The vulnerability affects a broad range of Fortinet products widely deployed in enterprise and service provider environments, making it relevant for organizations relying on Fortinet security appliances for perimeter defense and secure access.

For European organizations, the primary impact of CVE-2025-47890 lies in the potential for social engineering and phishing attacks leveraging trusted Fortinet domains to redirect users to malicious sites. This can erode user trust, potentially lead to credential theft, or facilitate malware delivery. While the vulnerability does not allow direct compromise of network devices or data exfiltration, it can be a stepping stone for attackers targeting employees or customers. Organizations in sectors with high reliance on Fortinet products for secure remote access, such as finance, healthcare, and critical infrastructure, may face increased risk. The widespread deployment of Fortinet products across Europe means that many organizations could be exposed, especially those that have not yet updated to patched versions. However, the low severity and requirement for user interaction limit the overall risk to operational continuity and data confidentiality.

Organizations should prioritize the following mitigations: 1) Monitor Fortinet vendor advisories and apply security patches promptly once released for affected FortiOS, FortiProxy, and FortiSASE versions. 2) Implement strict URL filtering and web gateway controls to detect and block suspicious redirect URLs originating from Fortinet devices. 3) Educate users about the risks of clicking on unexpected links, especially those appearing to come from trusted Fortinet domains. 4) Review and harden Fortinet device configurations to limit exposure of web interfaces to untrusted networks. 5) Employ multi-factor authentication and endpoint protection to reduce the impact of potential phishing attacks facilitated by this vulnerability. 6) Conduct regular security assessments and penetration tests focusing on open redirect and phishing vectors. 7) Use network monitoring tools to detect anomalous HTTP redirect patterns that could indicate exploitation attempts.