PatchSiren cyber security CVE debrief
CVE-2025-47890 Siemens CVE debrief
CVE-2025-47890 describes a CWE-601 URL redirection to an untrusted site issue that may let an unauthenticated attacker trigger an open redirect through crafted HTTP requests. The advisory rates it low severity (CVSS 2.6), but the issue can still be useful for phishing or trust abuse when exposed services are reachable. The supplied source set also contains a notable metadata mismatch: the advisory text names FortiOS, FortiProxy, and FortiSASE, while the source metadata labels the product as Siemens RUGGEDCOM APE1808, so applicability should be verified carefully before actioning remediation.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: LOW 2.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2026-02-12
- Advisory published: 2025-05-13
- Advisory updated: 2026-02-12
Who should care
Security and operations teams responsible for internet-facing Fortinet deployments, especially FortiOS, FortiProxy, and FortiSASE environments listed in the advisory. Because the supplied source metadata conflicts with the advisory text, asset owners should verify whether the CVE actually applies to their products before changing maintenance plans.
Technical summary
The advisory text describes an open redirect weakness (CWE-601) reachable via crafted HTTP requests and requiring no authentication. The supplied CVSS vector is CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N, reflecting a low-impact integrity issue with user interaction required. The description lists affected versions as FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions, and 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions; and FortiSASE 25.2.a.
Defensive priority
Low overall based on the supplied CVSS 2.6 score and the limited impact described, but do not ignore it on exposed services. Prioritize verification and patching if the affected products are present on publicly reachable management or proxy endpoints.
Recommended defensive actions
- Verify whether any exposed systems match the affected FortiOS, FortiProxy, or FortiSASE versions listed in the advisory.
- Follow the vendor remediation path referenced in the source set; the supplied remediation says to update FortiGate NGFW to v7.4.9 or later and to follow the secure update procedure.
- Review externally reachable HTTP endpoints for open redirect behavior and reduce exposure where possible.
- Monitor logs for unusual redirect activity or suspicious request patterns against affected services.
- Treat the advisory’s product/vendor mismatch as a blocking validation issue until asset applicability is confirmed.
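One way to act on the "review endpoints" and "monitor logs" items together is to scan access logs for redirect-style query parameters whose value points off-site, which is the observable signature of CWE-601 abuse regardless of vendor. The block below is an added example, not code from the advisory or any vendor: the log format (combined-log style), the parameter names, the trusted-host allowlist and the sample log lines are all constructed assumptions for illustration, not values taken from the advisory.

```python
"""Added example: hunt access logs for redirect parameters that point off-site
(CWE-601 open-redirect abuse). Log format, parameter names, host allowlist and
sample lines are assumptions for illustration, not advisory values."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed names of query parameters that carry a post-login destination; adjust per product.
REDIRECT_PARAMS = {"redir", "redirect", "redirect_url", "url", "next", "return", "returnurl", "dest"}

# Assumed allowlist of hosts a legitimate redirect from this service may land on.
TRUSTED_HOSTS = {"vpn.example.com", "sso.example.com"}

# Constructed combined-log-format style lines (sample data, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/May/2025:10:02:11 +0000] "GET /login?redir=/portal HTTP/1.1" 302 0',
    '203.0.113.7 - - [13/May/2025:10:02:12 +0000] "GET /login?redir=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '198.51.100.4 - - [13/May/2025:10:03:01 +0000] "GET /login?next=https://sso.example.com/callback HTTP/1.1" 302 0',
    '198.51.100.9 - - [13/May/2025:10:04:30 +0000] "GET /static/logo.png HTTP/1.1" 200 4312',
    'garbage line that does not parse',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)


def is_offsite_target(value, trusted_hosts):
    """True when the redirect value is an absolute (or scheme-relative) URL whose
    host is not in the allowlist. Relative paths stay on the serving host."""
    candidate = unquote(value).strip()  # tolerate values logged still percent-encoded
    if candidate.startswith("//"):
        candidate = "https:" + candidate  # scheme-relative URLs are still absolute
    parts = urlsplit(candidate)
    if not parts.netloc:
        return False
    host = (parts.hostname or "").lower()
    return host not in trusted_hosts


def find_offsite_redirects(log_lines, trusted_hosts=TRUSTED_HOSTS):
    """Return one finding per request whose redirect-style parameter points off-site."""
    findings = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line; a production job would count and report these
        query = urlsplit(match.group("target")).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() in REDIRECT_PARAMS and is_offsite_target(value, trusted_hosts):
                findings.append({
                    "ip": match.group("ip"),
                    "timestamp": match.group("ts"),
                    "status": int(match.group("status")),
                    "param": key,
                    "target": unquote(value),
                })
    return findings


def confirmed_redirects(findings):
    """Subset where the server answered with a 3xx, i.e. the off-site redirect was honoured
    rather than merely requested; these are the ones to escalate."""
    return [f for f in findings if 300 <= f["status"] < 400]


if __name__ == "__main__":
    for finding in confirmed_redirects(find_offsite_redirects(SAMPLE_LOG)):
        print(finding)
```

On the sample data only the second line is flagged: the first redirect target is a relative path, the third lands on an allowlisted host, and the fourth has no redirect parameter at all. Splitting findings from confirmed_redirects matters for triage: a flood of off-site requests that receive 2xx or 4xx tells you someone is probing, while 3xx responses to off-site targets tell you the endpoint is actually redirecting and the patch or exposure reduction above is overdue.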
Evidence notes
The supplied CISA CSAF source records CVE-2025-47890 in ICSA-25-135-01 and shows it was added in revision 5 on 2025-11-11, then carried forward into later updates through the 2026-02-12 republication. The advisory text itself refers to FortiOS, FortiProxy, and FortiSASE, while the product metadata names Siemens RUGGEDCOM APE1808. That mismatch is present in the source corpus and should be resolved before assuming the advisory applies to a specific asset inventory.
Official resources
- CVE-2025-47890 CVE record (CVE.org)
- CVE-2025-47890 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Publicly disclosed on 2025-05-13. The supplied CISA CSAF source shows later revisions, including CVE-2025-47890 being added on 2025-11-11 and the latest republication update on 2026-02-12.