PT-2025-50129 · Fortinet · FortiWeb
Published: 2025-10-10 · Updated: 2026-01-22
CVE-2025-64447
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiWeb versions 8.0.0 through 8.0.1
Fortinet FortiWeb versions 7.6.0 through 7.6.5
Fortinet FortiWeb versions 7.4.0 through 7.4.10
Fortinet FortiWeb versions 7.2.0 through 7.2.11
Fortinet FortiWeb versions 7.0.0 through 7.0.11
Description
A flaw exists due to a lack of validation and integrity checking of cookies. An unauthenticated attacker could potentially execute arbitrary operations on the system by sending specially crafted HTTP or HTTPS requests with forged cookies. Prior knowledge of the FortiWeb serial number is required for exploitation.
Recommendations
FortiWeb versions 8.0.0 through 8.0.1 should be updated.
FortiWeb versions 7.6.0 through 7.6.5 should be updated.
FortiWeb versions 7.4.0 through 7.4.10 should be updated.
FortiWeb versions 7.2.0 through 7.2.11 should be updated.
FortiWeb versions 7.0.0 through 7.0.11 should be updated.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
FortiWeb