{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T23:45:26.038","vulnerabilities":[{"cve":{"id":"CVE-2025-55018","sourceIdentifier":"psirt@fortinet.com","published":"2026-02-10T16:16:08.913","lastModified":"2026-02-23T14:02:30.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow  an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header"},{"lang":"es","value":"Una vulnerabilidad de interpretación inconsistente de solicitudes HTTP ('contrabando de solicitudes HTTP') en Fortinet FortiOS 7.6.0, FortiOS 7.4.0 hasta 7.4.9, FortiOS 7.2 todas las versiones, FortiOS 7.0 todas las versiones, FortiOS 6.4.3 hasta 6.4.16 puede permitir a un atacante no autenticado contrabandear una solicitud HTTP no registrada a través de las políticas del cortafuegos mediante un encabezado especialmente diseñado."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.3","versionEndIncluding":"6.4.16","matchCriteriaId":"B52F326A-281A-437B-84A4-1F443D29EC49"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.4.10","matchCriteriaId":"D217AE6C-1631-4E3E-95D8-7D13F299B4DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"44CE8EE3-D64A-49C8-87D7-C18B302F864A"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-667","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}