216.73.216.233

CVE-2025-64447

· Published 09/12/2025 18:16 · Modified 09/12/2025 20:40

Labels: CVE-2025-64447 2025-12-09CVE-2025-64447CWE-565[email protected]

Essential information

Published
09/12/2025 18:16
Modified
09/12/2025 20:40
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

References