PT-2026-24230 · Fortinet · FortiWeb

Published 2026-03-10 · Updated 2026-03-18 · CVE-2025-48840

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiWeb 7.0, all versions
Fortinet FortiWeb 7.2, all versions
Fortinet FortiWeb 7.4.0 through 7.4.8
Fortinet FortiWeb 7.6.0 through 7.6.3

Description

An authentication bypass by spoofing issue exists in Fortinet FortiWeb. It allows a remote, unauthenticated attacker to bypass hostname restrictions using a specially crafted request. Because the issue involves spoofing, an attacker can potentially circumvent existing security limitations through manipulated HTTP requests.

Recommendations

Fortinet FortiWeb version 7.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Fortinet FortiWeb version 7.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Fortinet FortiWeb versions 7.4.0 through 7.4.8: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Fortinet FortiWeb versions 7.6.0 through 7.6.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

BDU:2026-03202
CVE-2025-48840

Affected Products

FortiWeb