CVE-2025-64471

· Published 09/12/2025 18:16 · Modified 10/12/2025 19:16

Labels: CVE-2025-64471, 2025-12-09, CWE-836

Essential information

Published: 09/12/2025 18:16
Modified: 10/12/2025 19:16
Author:
Creator:
CVSS: 4.9 MEDIUM (v3.1)
CISA KEV: No
CWE: CWE-836
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Description

A use of password hash instead of password for authentication vulnerability [CWE-836] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.

NVD status

Status: Modified. CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may no longer be accurate due to these changes.
Source: [email protected]

Affected products (CPE)

Product    CPE
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

References