CVE-2025-55018

CVE Database · CVE-2025-55018

CVE-2025-55018

· MEDIUMModified

CVSS v3.1

5.8

EPSS

0.35%

Published

Feb 10, 2026

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Weaknesses (CWE)

CWE-444

Affected Products (3)

fortinet · fortiosvulnerable

fortinet · fortios (up to 7.4.10)vulnerable

fortinet · fortiosvulnerable

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-25-667

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-975644.html

KEV Catalog EPSS Scores Vendors All CVEs