CVE-2025-64447

Summary

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb8.0.0 <= 8.0.1affected
FortinetFortiWeb7.6.0 <= 7.6.5affected
FortinetFortiWeb7.4.0 <= 7.4.10affected
FortinetFortiWeb7.2.0 <= 7.2.11affected
FortinetFortiWeb7.0.0 <= 7.0.11affected

Weaknesses

  • CWE-565: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References