CWE-113
AllowedImproper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Abstraction: Variant · Status: Incomplete
The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
177 vulnerabilities reference this CWE, most recent first.
CVE-2025-62826 (GCVE-0-2025-62826)
Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02- CWE-113 - Execute unauthorized code or commands
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiPAM |
Affected:
1.7.0
Affected: 1.6.0 , ≤ 1.6.2 (semver) Affected: 1.5.0 , ≤ 1.5.1 (semver) Affected: 1.4.0 , ≤ 1.4.3 (semver) Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 , ≤ 1.1.2 (semver) Affected: 1.0.0 , ≤ 1.0.3 (semver) cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiProxy |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.4.0 , ≤ 7.4.14 (semver) Affected: 7.2.0 , ≤ 7.2.16 (semver) Affected: 7.0.0 , ≤ 7.0.23 (semver) cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiOS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.13 (semver) Affected: 7.0.0 , ≤ 7.0.19 (semver) Affected: 6.4.0 , ≤ 6.4.16 (semver) cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T16:02:21.507604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T16:02:27.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPAM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "1.7.0"
},
{
"lessThanOrEqual": "1.6.2",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.4.3",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.14",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.16",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.23",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.13",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.19",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.16",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user\u0027s captive portal authentication request to inject arbitrary headers via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:19:46.918Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiProxy version 7.6.5 or above\nUpgrade to upcoming FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSASE version 25.4.a and hence customers do not need to perform any action."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-62826",
"datePublished": "2026-07-14T15:19:46.918Z",
"dateReserved": "2025-10-23T11:55:45.919Z",
"dateUpdated": "2026-07-14T16:02:27.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62675 (GCVE-0-2025-62675)
Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-14 16:02- CWE-113 - Execute unauthorized code or commands
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.4.0 , ≤ 7.4.12 (semver) Affected: 7.2.0 , ≤ 7.2.13 (semver) Affected: 7.0.0 , ≤ 7.0.19 (semver) Affected: 6.4.0 , ≤ 6.4.16 (semver) cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiPAM |
Affected:
1.7.0
Affected: 1.6.0 , ≤ 1.6.2 (semver) Affected: 1.5.0 , ≤ 1.5.1 (semver) Affected: 1.4.0 , ≤ 1.4.3 (semver) Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 , ≤ 1.1.2 (semver) Affected: 1.0.0 , ≤ 1.0.3 (semver) cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiProxy |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.4.0 , ≤ 7.4.14 (semver) Affected: 7.2.0 , ≤ 7.2.16 (semver) Affected: 7.0.0 , ≤ 7.0.23 (semver) cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T16:02:37.813993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T16:02:45.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.12",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.13",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.19",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.16",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPAM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "1.7.0"
},
{
"lessThanOrEqual": "1.6.2",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.4.3",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.14",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.16",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.23",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:15:12.695Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152"
}
],
"solutions": [
{
"lang": "en",
"value": "Fortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-62675",
"datePublished": "2026-07-14T15:15:12.695Z",
"dateReserved": "2025-10-20T08:07:37.650Z",
"dateUpdated": "2026-07-14T16:02:45.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61689 (GCVE-0-2025-61689)
Vulnerability from cvelistv5 – Published: 2025-10-10 16:48 – Updated: 2025-10-10 19:12- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
| URL | Tags |
|---|---|
| https://github.com/JuliaWeb/HTTP.jl/security/advi… | x_refsource_CONFIRM |
| https://github.com/JuliaWeb/HTTP.jl/releases/tag/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T19:12:33.349057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T19:12:55.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HTTP.jl",
"vendor": "JuliaWeb",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header injection, leading to cache poisoning, XSS, session fixation, and more. This issue is fixed in HTTP.jl `v1.10.19`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T16:48:41.951Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-h3x8-ppwj-6vcj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-h3x8-ppwj-6vcj"
},
{
"name": "https://github.com/JuliaWeb/HTTP.jl/releases/tag/v1.10.19",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JuliaWeb/HTTP.jl/releases/tag/v1.10.19"
}
],
"source": {
"advisory": "GHSA-h3x8-ppwj-6vcj",
"discovery": "UNKNOWN"
},
"title": "HTTP.jl vulnerable to Header injection/Response splitting via header construction."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61689",
"datePublished": "2025-10-10T16:48:41.951Z",
"dateReserved": "2025-09-29T20:25:16.183Z",
"dateUpdated": "2025-10-10T19:12:55.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59151 (GCVE-0-2025-59151)
Vulnerability from cvelistv5 – Published: 2025-10-27 19:42 – Updated: 2025-10-27 20:24| URL | Tags |
|---|---|
| https://github.com/pi-hole/web/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59151",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T20:23:55.672285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T20:24:05.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "web",
"vendor": "pi-hole",
"versions": [
{
"status": "affected",
"version": "\u003c 6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, the application performs a redirect without properly sanitizing the input. An attacker can inject carriage return and line feed characters (%0d%0a) to manipulate both the headers and the content of the HTTP response. This enables the injection of arbitrary HTTP response headers, potentially leading to session fixation, cache poisoning, and the weakening or bypassing of browser-based security mechanisms such as Content Security Policy or X-XSS-Protection. This vulnerability is fixed in 6.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T19:42:59.596Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pi-hole/web/security/advisories/GHSA-5v79-p56f-x7c4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pi-hole/web/security/advisories/GHSA-5v79-p56f-x7c4"
}
],
"source": {
"advisory": "GHSA-5v79-p56f-x7c4",
"discovery": "UNKNOWN"
},
"title": "Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59151",
"datePublished": "2025-10-27T19:42:59.596Z",
"dateReserved": "2025-09-09T15:23:16.327Z",
"dateUpdated": "2025-10-27T20:24:05.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55271 (GCVE-0-2025-55271)
Vulnerability from cvelistv5 – Published: 2026-03-26 12:59 – Updated: 2026-03-26 15:01- CWE-113 - Improper Control of HTTP Messages and Headers
| Vendor | Product | Version | |
|---|---|---|---|
| HCL | Aftermarket DPC |
Affected:
version 1.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T13:41:59.276926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T15:01:42.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aftermarket DPC",
"vendor": "HCL",
"versions": [
{
"status": "affected",
"version": "version 1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response.."
}
],
"value": "HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response.."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Control of HTTP Messages and Headers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T12:59:30.264Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129793"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-55271",
"datePublished": "2026-03-26T12:59:30.264Z",
"dateReserved": "2025-08-12T07:00:17.741Z",
"dateUpdated": "2026-03-26T15:01:42.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53094 (GCVE-0-2025-53094)
Vulnerability from cvelistv5 – Published: 2025-06-27 19:57 – Updated: 2025-06-27 20:19| URL | Tags |
|---|---|
| https://github.com/ESP32Async/ESPAsyncWebServer/s… | x_refsource_CONFIRM |
| https://github.com/ESP32Async/ESPAsyncWebServer/p… | x_refsource_MISC |
| https://github.com/ESP32Async/ESPAsyncWebServer/b… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ESP32Async | ESPAsyncWebServer |
Affected:
<= 3.7.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53094",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T20:18:58.292035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T20:19:14.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ESPAsyncWebServer",
"vendor": "ESP32Async",
"versions": [
{
"status": "affected",
"version": "\u003c= 3.7.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within `AsyncWebHeader.cpp`. Unsanitized input allows attackers to inject CR (`\\r`) or LF (`\\n`) characters into header names or values, leading to arbitrary header or response manipulation. Manipulation of HTTP headers and responses can enable a wide range of attacks, making the severity of this vulnerability high. A fix is available at pull request 211 and is expected to be part of version 3.7.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T19:57:15.032Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ESP32Async/ESPAsyncWebServer/security/advisories/GHSA-87j8-6f7g-h8wh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ESP32Async/ESPAsyncWebServer/security/advisories/GHSA-87j8-6f7g-h8wh"
},
{
"name": "https://github.com/ESP32Async/ESPAsyncWebServer/pull/211",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ESP32Async/ESPAsyncWebServer/pull/211"
},
{
"name": "https://github.com/ESP32Async/ESPAsyncWebServer/blob/1095dfd1ecf1a903aede29854232af1b24f089b1/src/AsyncWebHeader.cpp#L6-L32",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ESP32Async/ESPAsyncWebServer/blob/1095dfd1ecf1a903aede29854232af1b24f089b1/src/AsyncWebHeader.cpp#L6-L32"
}
],
"source": {
"advisory": "GHSA-87j8-6f7g-h8wh",
"discovery": "UNKNOWN"
},
"title": "ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53094",
"datePublished": "2025-06-27T19:57:15.032Z",
"dateReserved": "2025-06-25T13:41:23.086Z",
"dateUpdated": "2025-06-27T20:19:14.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53007 (GCVE-0-2025-53007)
Vulnerability from cvelistv5 – Published: 2025-06-26 14:45 – Updated: 2025-06-27 16:09- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
| URL | Tags |
|---|---|
| https://github.com/espressif/arduino-esp32/securi… | x_refsource_CONFIRM |
| https://github.com/espressif/arduino-esp32/commit… | x_refsource_MISC |
| https://github.com/espressif/arduino-esp32/blob/9… | x_refsource_MISC |
| https://github.com/espressif/arduino-esp32/blob/9… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| espressif | arduino-esp32 |
Affected:
< 3.2.1
Affected: >= 3.3.0-alpha1, < 3.3.0-RC1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T16:02:17.500617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T16:09:37.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arduino-esp32",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.1"
},
{
"status": "affected",
"version": "\u003e= 3.3.0-alpha1, \u003c 3.3.0-RC1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The `sendHeader` function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoing HTTP response headers. There is no validation or sanitization of the `name` or `value` parameters before they are included in the HTTP response. If an attacker can control the input to `sendHeader` (either directly or indirectly), they could inject carriage return (`\\r`) or line feed (`\\n`) characters into either the header name or value. This could allow the attacker to inject additional headers, manipulate the structure of the HTTP response, potentially inject an entire new HTTP response (HTTP Response Splitting), and/or ause header confusion or other HTTP protocol attacks. Versions 3.3.0-RC1 and 3.2.1 contain a fix for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T14:45:40.839Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-5476-9jjq-563m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-5476-9jjq-563m"
},
{
"name": "https://github.com/espressif/arduino-esp32/commit/21640ac82a1bb5efa8cf0b3841be1ac80add6785",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/commit/21640ac82a1bb5efa8cf0b3841be1ac80add6785"
},
{
"name": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L504-L521",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L504-L521"
},
{
"name": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L577-L582",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L577-L582"
}
],
"source": {
"advisory": "GHSA-5476-9jjq-563m",
"discovery": "UNKNOWN"
},
"title": "arduino-esp32 vulnerable to CRLF injection in WebServer.cpp"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53007",
"datePublished": "2025-06-26T14:45:40.839Z",
"dateReserved": "2025-06-24T03:50:36.795Z",
"dateUpdated": "2025-06-27T16:09:37.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52479 (GCVE-0-2025-52479)
Vulnerability from cvelistv5 – Published: 2025-06-25 16:06 – Updated: 2026-05-07 20:47| URL | Tags |
|---|---|
| https://github.com/JuliaWeb/HTTP.jl/security/advi… | x_refsource_CONFIRM |
| https://github.com/JuliaWeb/URIs.jl/pull/66 | x_refsource_MISC |
| https://github.com/JuliaWeb/HTTP.jl/commit/e12495… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52479",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T19:52:21.990536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T19:52:34.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HTTP.jl",
"vendor": "JuliaWeb",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. Users of HTTP.jl should upgrade immediately to HTTP.jl v1.10.17, and users of URIs.jl should upgrade immediately to URIs.jl v1.6.0. The check for valid URIs is now in the URI.jl package, and the latest version of HTTP.jl incorporates that fix. As a workaround, manually validate any URIs before passing them on to functions in this package."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T20:47:37.830Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-4g68-4pxg-mw93",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-4g68-4pxg-mw93"
},
{
"name": "https://github.com/JuliaWeb/URIs.jl/pull/66",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JuliaWeb/URIs.jl/pull/66"
},
{
"name": "https://github.com/JuliaWeb/HTTP.jl/commit/e124953f388e7750f893fcf90efc72b7a59e35eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JuliaWeb/HTTP.jl/commit/e124953f388e7750f893fcf90efc72b7a59e35eb"
}
],
"source": {
"advisory": "GHSA-4g68-4pxg-mw93",
"discovery": "UNKNOWN"
},
"title": "HTTP.jl vulnerable to CR/LF Injection in URIs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52479",
"datePublished": "2025-06-25T16:06:45.402Z",
"dateReserved": "2025-06-17T02:28:39.717Z",
"dateUpdated": "2026-05-07T20:47:37.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-42934 (GCVE-0-2025-42934)
Vulnerability from cvelistv5 – Published: 2025-08-12 02:04 – Updated: 2025-08-12 14:06- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP S/4HANA (Supplier invoice) |
Affected:
S4CORE 102
Affected: 103 Affected: 104 Affected: 105 Affected: 106 Affected: 107 Affected: 108 Affected: 109 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-42934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:06:03.532501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:06:11.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S/4HANA (Supplier invoice)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "109"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the \u0027Trusted Sites\u0027 configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application\u0027s integrity and no impact on confidentiality or availability.\u003c/p\u003e"
}
],
"value": "SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the \u0027Trusted Sites\u0027 configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application\u0027s integrity and no impact on confidentiality or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T02:04:50.681Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3616863"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-42934",
"datePublished": "2025-08-12T02:04:50.681Z",
"dateReserved": "2025-04-16T13:25:34.582Z",
"dateUpdated": "2025-08-12T14:06:11.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41234 (GCVE-0-2025-41234)
Vulnerability from cvelistv5 – Published: 2025-06-12 21:14 – Updated: 2025-06-13 14:03- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Spring Framework |
Affected:
6.0.5 , ≤ 6.0.28
(COMMERCIAL)
Affected: 6.1.0 , ≤ 6.1.20 (OSS) Affected: 6.2.0 , ≤ 6.2.7 (OSS) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T14:03:20.791564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T14:03:35.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "VMware",
"versions": [
{
"changes": [
{
"at": "6.0.29",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.28",
"status": "affected",
"version": "6.0.5",
"versionType": "COMMERCIAL"
},
{
"changes": [
{
"at": "6.1.21",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.1.20",
"status": "affected",
"version": "6.1.0",
"versionType": "OSS"
},
{
"changes": [
{
"at": "6.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.2.7",
"status": "affected",
"version": "6.2.0",
"versionType": "OSS"
}
]
}
],
"datePublic": "2025-06-12T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003ch1\u003eDescription\u003c/h1\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIn Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a \u201cContent-Disposition\u201d header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable when all the following are true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe header is prepared with \u003ccode\u003eorg.springframework.http.ContentDisposition\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eThe filename is set via \u003ccode\u003eContentDisposition.Builder#filename(String, Charset)\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eThe value for the filename is derived from user-supplied input.\u003c/li\u003e\u003cli\u003eThe application does not sanitize the user-supplied input.\u003c/li\u003e\u003cli\u003eThe downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not set a \u201cContent-Disposition\u201d response header.\u003c/li\u003e\u003cli\u003eThe header is not prepared with \u003ccode\u003eorg.springframework.http.ContentDisposition\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eThe filename is set via one of:\u003cul\u003e\u003cli\u003e\u003ccode\u003eContentDisposition.Builder#filename(String)\u003c/code\u003e, or\u003c/li\u003e\u003cli\u003e\u003ccode\u003eContentDisposition.Builder#filename(String, ASCII)\u003c/code\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eThe filename is not derived from user-supplied input.\u003c/li\u003e\u003cli\u003eThe filename is derived from user-supplied input but sanitized by the application.\u003c/li\u003e\u003cli\u003eThe attacker cannot inject malicious content in the downloaded content of the response.\u003c/li\u003e\u003c/ul\u003e\u003ch1\u003eAffected Spring Products and Versions\u003c/h1\u003e\u003cp\u003eSpring Framework:\u003c/p\u003e\u003cul\u003e\u003cli\u003e6.2.0 - 6.2.7\u003c/li\u003e\u003cli\u003e6.1.0 - 6.1.20\u003c/li\u003e\u003cli\u003e6.0.5 - 6.0.28\u003c/li\u003e\u003cli\u003eOlder, unsupported versions are not affected\u003c/li\u003e\u003c/ul\u003e\u003ch1\u003eMitigation\u003c/h1\u003e\u003cp\u003eUsers of affected versions should upgrade to the corresponding fixed version.\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eAffected version(s)\u003c/th\u003e\u003cth\u003eFix version\u003c/th\u003e\u003cth\u003eAvailability\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e6.2.x\u003c/td\u003e\u003ctd\u003e6.2.8\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e6.1.x\u003c/td\u003e\u003ctd\u003e6.1.21\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e6.0.x\u003c/td\u003e\u003ctd\u003e6.0.29\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://enterprise.spring.io/\"\u003eCommercial\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eNo further mitigation steps are necessary.\u003c/p\u003e\u003cbr\u003eCWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets."
}
],
"value": "Description\n\nIn Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a \u201cContent-Disposition\u201d header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.\n\nSpecifically, an application is vulnerable when all the following are true:\n\n * The header is prepared with org.springframework.http.ContentDisposition.\n * The filename is set via ContentDisposition.Builder#filename(String, Charset).\n * The value for the filename is derived from user-supplied input.\n * The application does not sanitize the user-supplied input.\n * The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not set a \u201cContent-Disposition\u201d response header.\n * The header is not prepared with org.springframework.http.ContentDisposition.\n * The filename is set via one of: * ContentDisposition.Builder#filename(String), or\n * ContentDisposition.Builder#filename(String, ASCII)\n\n\n\n * The filename is not derived from user-supplied input.\n * The filename is derived from user-supplied input but sanitized by the application.\n * The attacker cannot inject malicious content in the downloaded content of the response.\n\n\nAffected Spring Products and VersionsSpring Framework:\n\n * 6.2.0 - 6.2.7\n * 6.1.0 - 6.1.20\n * 6.0.5 - 6.0.28\n * Older, unsupported versions are not affected\n\n\nMitigationUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability6.2.x6.2.8OSS6.1.x6.1.21OSS6.0.x6.0.29 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary.\n\n\nCWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Allows Reflected File Download (RFD) leading to potential compromise of confidentiality and integrity through malicious content injection in downloaded files."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T21:14:42.957Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2025-41234"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41234"
},
{
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N\u0026version=3.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RFD Attack via \u201cContent-Disposition\u201d Header Sourced from Request",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41234",
"datePublished": "2025-06-12T21:14:42.957Z",
"dateReserved": "2025-04-16T09:29:46.972Z",
"dateUpdated": "2025-06-13T14:03:35.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Input Validation
Construct HTTP headers very carefully, avoiding the use of non-validated input data.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. If an input does not strictly conform to specifications, reject it or transform it into something that conforms.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-30
Strategy: Output Encoding
Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
CAPEC-105: HTTP Request Splitting
An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).
See CanPrecede relationships for possible consequences.
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
CAPEC-34: HTTP Response Splitting
An adversary manipulates and injects malicious content, in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., web server) or into an already spoofed HTTP response from an adversary controlled domain/site.
See CanPrecede relationships for possible consequences.
CAPEC-85: AJAX Footprinting
This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.