CVE-2025-31366: 
FortiOS vulnerability analysis and mitigation

CVE-2025-31366 is a vulnerability affecting FortiOS, FortiProxy, and FortiSASE that involves Improper Neutralization of Input During Web Page Generation and URL Redirection to Untrusted Sites (CWE-79, CWE-601). The vulnerability was discovered by Yaniv Nizry from Sonar and Piotr Ryciak, and was publicly disclosed on October 14, 2025. It allows an unauthenticated attacker to perform reflected cross-site scripting (XSS) or open redirect attacks through crafted HTTP requests (Fortinet PSIRT).

The vulnerability has been assigned a CVSSv3 score of 4.5 (Medium severity) and primarily affects the web filter warning page functionality. The issue stems from improper input validation that can be exploited through crafted HTTP requests, potentially leading to both XSS and open redirect vulnerabilities (Fortinet PSIRT).

When exploited, this vulnerability allows attackers to perform reflected cross-site scripting (XSS) attacks and execute open redirect attacks, potentially compromising user sessions and redirecting users to malicious websites. The vulnerability affects multiple versions of FortiOS (6.4 through 7.6.3), FortiProxy (7.0 through 7.6.3), and FortiSASE version 25.2 through 25.3.a (Fortinet PSIRT).

Fortinet has released patches to address this vulnerability. Users should upgrade to the following versions: FortiOS 7.6.4 or above (for 7.6 branch), FortiOS 7.4.9 or above (for 7.4 branch), and migrate to fixed releases for earlier versions. FortiProxy users should upgrade to version 7.6.4 or above. FortiSASE users should note that the issue has been remediated in version 25.3.b. Fortinet provides an upgrade path tool at their documentation site for guidance (Fortinet PSIRT).