PT-2025-47364 · Fortinet · FortiWeb
Published: 2025-11-18 · Updated: 2025-11-19
CVE-2025-59669
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiWeb versions 7.0 through 7.6.0
FortiWeb version 7.4
FortiWeb version 7.2
Description
A hard-coded credentials issue exists in FortiWeb that could allow an authenticated attacker with shell access to the device to connect to the Redis service and access its data. This requires local authentication.
Recommendations
FortiWeb versions prior to 7.6.0 should be updated.
FortiWeb version 7.6.0 should be updated.
FortiWeb versions 7.2 and 7.4 should be updated.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
FortiWeb