SSRF in GUI console

SSRF in GUI console Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-25-783 Final 1 1 2026-01-13T00:00:00 Current version 2026-01-13T00:00:00 2026-01-13T00:00:00 A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in FortiSandbox may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests. None Improper access control None Fortinet is pleased to thank Jason McFadyen of Trend Research working with Trend Micro Zero Day Initiative for reporting this vulnerability under responsible disclosure. FortiSandbox 5.0.4 FortiSandbox 5.0.3 FortiSandbox 5.0.2 FortiSandbox 5.0.1 FortiSandbox 5.0.0 FortiSandbox 4.4.9 FortiSandbox 4.4.8 FortiSandbox 4.4.7 FortiSandbox 4.4.6 FortiSandbox 4.4.5 FortiSandbox 4.4.4 FortiSandbox 4.4.3 FortiSandbox 4.4.2 FortiSandbox 4.4.1 FortiSandbox 4.4.0 FortiSandbox 4.2.8 FortiSandbox 4.2.7 FortiSandbox 4.2.6 FortiSandbox 4.2.5 FortiSandbox 4.2.4 FortiSandbox 4.2.3 FortiSandbox 4.2.2 FortiSandbox 4.2.1 FortiSandbox 4.0.6 FortiSandbox 4.0.5 FortiSandbox 4.0.4 FortiSandbox 4.0.3 FortiSandbox 4.0.2 FortiSandbox 4.0.1 FortiSandbox 4.0.0 SSRF in GUI console CVE-2025-67685 FortiSandbox-5.0.4 FortiSandbox-5.0.3 FortiSandbox-5.0.2 FortiSandbox-5.0.1 FortiSandbox-5.0.0 FortiSandbox-4.4.9 FortiSandbox-4.4.8 FortiSandbox-4.4.7 FortiSandbox-4.4.6 FortiSandbox-4.4.5 FortiSandbox-4.4.4 FortiSandbox-4.4.3 FortiSandbox-4.4.2 FortiSandbox-4.4.1 FortiSandbox-4.4.0 FortiSandbox-4.2.8 FortiSandbox-4.2.7 FortiSandbox-4.2.6 FortiSandbox-4.2.5 FortiSandbox-4.2.4 FortiSandbox-4.2.3 FortiSandbox-4.2.2 FortiSandbox-4.2.1 FortiSandbox-4.0.6 FortiSandbox-4.0.5 FortiSandbox-4.0.4 FortiSandbox-4.0.3 FortiSandbox-4.0.2 FortiSandbox-4.0.1 FortiSandbox-4.0.0 3.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-25-783 SSRF in GUI console Reference>