cvelistv5 - cve-2025-64447

CVE-2025-64447 (GCVE-0-2025-64447)

Vulnerability from cvelistv5

Published

2025-12-09 17:18

Modified

2025-12-10 04:57

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-565 - Escalation of privilege

Summary

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.

References

URL

Tags

psirt@fortinet.com

https://fortiguard.fortinet.com/psirt/FG-IR-25-945

Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet	FortiWeb	Version: 8.0.0 ≤ 8.0.1 Version: 7.6.0 ≤ 7.6.5 Version: 7.4.0 ≤ 7.4.10 Version: 7.2.0 ≤ 7.2.11 Version: 7.0.0 ≤ 7.0.11 cpe:2.3:a:fortinet:fortiweb:8.0.1:::::::* cpe:2.3:a:fortinet:fortiweb:8.0.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.11:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.11:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64447",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-10T04:57:32.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWeb",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.6.5",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.10",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.11",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T17:18:42.318Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-64447",
    "datePublished": "2025-12-09T17:18:42.318Z",
    "dateReserved": "2025-11-04T14:26:34.042Z",
    "dateUpdated": "2025-12-10T04:57:32.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-64447\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-12-09T18:16:05.227\",\"lastModified\":\"2025-12-09T20:40:27.990\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-565\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.11\",\"matchCriteriaId\":\"9B46A0B2-ED2C-4836-8E72-CE1D4F3545E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.11\",\"matchCriteriaId\":\"E60D5043-7CE7-4DD1-B2DB-B6B08ABFAD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndIncluding\":\"7.4.10\",\"matchCriteriaId\":\"FF87852D-C4E8-441A-9443-CB0BA0812568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0\",\"versionEndIncluding\":\"7.6.5\",\"matchCriteriaId\":\"A162A55D-A22C-43F3-A77A-B8FB8214D6C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.1\",\"matchCriteriaId\":\"2A628CC4-1789-4DAB-AFF0-96EDD7AEF0A6\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-25-945\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-64447\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-09T20:21:53.639554Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-09T20:21:57.757Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiWeb\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0.1\"}, {\"status\": \"affected\", \"version\": \"7.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.6.5\"}, {\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.10\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.11\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.11\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to FortiWeb version 8.0.2 or above\\nUpgrade to FortiWeb version 7.6.6 or above\\nUpgrade to FortiWeb version 7.4.11 or above\\nUpgrade to FortiWeb version 7.2.12 or above\\nUpgrade to FortiWeb version 7.0.12 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-25-945\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-25-945\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-565\", \"description\": \"Escalation of privilege\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-12-09T17:18:42.318Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-64447\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-10T04:57:32.848Z\", \"dateReserved\": \"2025-11-04T14:26:34.042Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-12-09T17:18:42.318Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

ghsa-fqxp-5rvv-7f48

Vulnerability from github

Published

2025-12-09 18:30

Modified

2025-12-09 18:30

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-64447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T18:16:05Z",
    "severity": "HIGH"
  },
  "details": "A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.",
  "id": "GHSA-fqxp-5rvv-7f48",
  "modified": "2025-12-09T18:30:47Z",
  "published": "2025-12-09T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64447"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ncsc-2025-0386

Vulnerability from csaf_ncscnl

Published

2025-12-10 09:51

Modified

2025-12-10 09:51

Summary

Kwetsbaarheden verholpen in Fortinet producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Fortinet heeft kwetsbaarheden verholpen in FortiOS, FortiProxy, FortiWeb en FortiSwitchManager.

Interpretaties

De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot de systemen door gebruik te maken van verschillende technieken, waaronder het omzeilen van FortiCloud SSO-login authenticatie via speciaal vervaardigde SAML-berichten, het behouden van actieve SSLVPN-sessies ondanks een wachtwoordwijziging, en het uitvoeren van ongeautoriseerde operaties via vervalste HTTP- of HTTPS-verzoeken. Dit kan leiden tot ongeautoriseerde toegang tot gevoelige API-gegevens en andere netwerkbronnen.

Oplossingen

Als mitigerende maatregel tegen de authenticatie-bypass kan FortiCloud SSO login worden uitgeschakeld. Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-347

Improper Verification of Cryptographic Signature

CWE-532

Insertion of Sensitive Information into Log File

CWE-613

Insufficient Session Expiration

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Fortinet heeft kwetsbaarheden verholpen in FortiOS, FortiProxy, FortiWeb en FortiSwitchManager.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot de systemen door gebruik te maken van verschillende technieken, waaronder het omzeilen van FortiCloud SSO-login authenticatie via speciaal vervaardigde SAML-berichten, het behouden van actieve SSLVPN-sessies ondanks een wachtwoordwijziging, en het uitvoeren van ongeautoriseerde operaties via vervalste HTTP- of HTTPS-verzoeken. Dit kan leiden tot ongeautoriseerde toegang tot gevoelige API-gegevens en andere netwerkbronnen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Als mitigerende maatregel tegen de authenticatie-bypass kan FortiCloud SSO login worden uitgeschakeld. Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Verification of Cryptographic Signature",
        "title": "CWE-347"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Insufficient Session Expiration",
        "title": "CWE-613"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-268"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-411"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Fortinet producten",
    "tracking": {
      "current_release_date": "2025-12-10T09:51:34.918202Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0386",
      "initial_release_date": "2025-12-10T09:51:34.918202Z",
      "revision_history": [
        {
          "date": "2025-12-10T09:51:34.918202Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiProxy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiSwitchManager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "FortiWeb"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59718",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Cryptographic Signature",
          "title": "CWE-347"
        },
        {
          "category": "description",
          "text": "A vulnerability in Fortinet products, including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager, allows unauthenticated attackers to bypass FortiCloud SSO login authentication via crafted SAML messages.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59718 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59718.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4"
          ]
        }
      ],
      "title": "CVE-2025-59718"
    },
    {
      "cve": "CVE-2025-59719",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Cryptographic Signature",
          "title": "CWE-347"
        },
        {
          "category": "description",
          "text": "A vulnerability in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager allows unauthenticated attackers to bypass FortiCloud SSO login authentication via crafted SAML messages.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59719 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59719.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4"
          ]
        }
      ],
      "title": "CVE-2025-59719"
    },
    {
      "cve": "CVE-2025-62631",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Session Expiration",
          "title": "CWE-613"
        },
        {
          "category": "description",
          "text": "Fortinet FortiOS has an insufficient session expiration vulnerability that allows attackers to maintain access to SSLVPN sessions even after a user changes their password under certain conditions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-62631 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62631.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4"
          ]
        }
      ],
      "title": "CVE-2025-62631"
    },
    {
      "cve": "CVE-2024-47570",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        },
        {
          "category": "description",
          "text": "A vulnerability in FortiOS, FortiProxy, FortiPAM, and FortiSRA allows read-only administrators to access other administrators\u0027 API tokens through REST API logs when logging is enabled, impacting multiple versions of these products.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47570 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47570.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4"
          ]
        }
      ],
      "title": "CVE-2024-47570"
    },
    {
      "cve": "CVE-2025-64471",
      "cwe": {
        "id": "CWE-836",
        "name": "Use of Password Hash Instead of Password for Authentication"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Password Hash Instead of Password for Authentication",
          "title": "CWE-836"
        },
        {
          "category": "description",
          "text": "A vulnerability in multiple versions of Fortinet FortiWeb allows unauthenticated attackers to authenticate using password hashes via crafted HTTP/HTTPS requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64471 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64471.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4"
          ]
        }
      ],
      "title": "CVE-2025-64471"
    },
    {
      "cve": "CVE-2025-64447",
      "cwe": {
        "id": "CWE-565",
        "name": "Reliance on Cookies without Validation and Integrity Checking"
      },
      "notes": [
        {
          "category": "other",
          "text": "Reliance on Cookies without Validation and Integrity Checking",
          "title": "CWE-565"
        },
        {
          "category": "description",
          "text": "A vulnerability in multiple Fortinet FortiWeb versions allows unauthenticated attackers to execute arbitrary operations via crafted HTTP/HTTPS requests using forged cookies, requiring knowledge of the FortiWeb serial number.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64447 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64447.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4"
          ]
        }
      ],
      "title": "CVE-2025-64447"
    }
  ]
}

CERTFR-2025-AVI-1084

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur précise que la version 24.2 de FortiSandbox Cloud sera publiée ultérieurement.

Impacted products

Vendor	Product	Description
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiSOAR	FortiSOAR PaaS versions antérieures à 7.5.2
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet	FortiSOAR	FortiSOAR PaaS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.6.x antérieures à 7.6.3
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.6
Fortinet	N/A	FortiExtender versions antérieures à 7.4.8
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.22
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.3
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiSRA	FortiSRA versions antérieures à 1.5.x
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.3
Fortinet	FortiPortal	FortiPortal versions antérieures à 7.4.6
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.15
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.7
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.9
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.12
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.3
Fortinet	FortiWeb	FortiWeb versions 8.0.x antérieures à 8.0.2
Fortinet	FortiSandbox	FortiSandbox Cloud versions antérieures à 24.2
Fortinet	N/A	FortiExtender versions 7.6.x antérieures à 7.6.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.18
Fortinet	FortiSASE	FortiSASE versions 24.1.x antérieures à 24.1.c
Fortinet	FortiSandbox	FortiSandbox versions 4.x antérieures à 4.4.8
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.12
Fortinet	FortiVoice	FortiVoice versions antérieures à 7.0.8
Fortinet	FortiSOAR	FortiSOAR on-premise versions antérieures à 7.5.2
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.11
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.5.x
Fortinet	FortiAuthenticator	FortiAuthenticator versions antérieures à 6.6.7
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.6
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.11

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-411	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-479	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-268	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-362	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-599	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-133	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-616	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-812	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-739	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-984	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-945	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-477	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-647	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-601	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-454	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-032	2025-12-09	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-554	2025-12-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.22",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox Cloud versions ant\u00e9rieures \u00e0 24.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.18",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions 24.1.x ant\u00e9rieures \u00e0 24.1.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.5.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.6.7",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que la version 24.2 de FortiSandbox Cloud sera publi\u00e9e ult\u00e9rieurement.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-60024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60024"
    },
    {
      "name": "CVE-2025-64153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64153"
    },
    {
      "name": "CVE-2025-57823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57823"
    },
    {
      "name": "CVE-2024-40593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40593"
    },
    {
      "name": "CVE-2025-53679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53679"
    },
    {
      "name": "CVE-2025-62631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62631"
    },
    {
      "name": "CVE-2025-54353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54353"
    },
    {
      "name": "CVE-2025-53949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53949"
    },
    {
      "name": "CVE-2025-59719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59719"
    },
    {
      "name": "CVE-2025-59810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59810"
    },
    {
      "name": "CVE-2025-64471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64471"
    },
    {
      "name": "CVE-2025-64447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64447"
    },
    {
      "name": "CVE-2024-47570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47570"
    },
    {
      "name": "CVE-2025-59808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59808"
    },
    {
      "name": "CVE-2025-54838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54838"
    },
    {
      "name": "CVE-2025-59923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59923"
    },
    {
      "name": "CVE-2025-64156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64156"
    },
    {
      "name": "CVE-2025-59718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59718"
    }
  ],
  "initial_release_date": "2025-12-10T00:00:00",
  "last_revision_date": "2025-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1084",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-411",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-411"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-479",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-479"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-268",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-268"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-362",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-362"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-599",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-599"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-133",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-133"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-616",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-616"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-812",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-812"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-739",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-739"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-984",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-984"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-945",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-945"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-477",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-477"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-647",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-647"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-601",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-601"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-454",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-454"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-032",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-032"
    },
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-554",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-554"
    }
  ]
}

fkie_cve-2025-64447

Vulnerability from fkie_nvd

Published

2025-12-09 18:16

Modified

2025-12-09 20:40

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-25-945	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiweb	*
fortinet	fortiweb	*
fortinet	fortiweb	*
fortinet	fortiweb	*
fortinet	fortiweb	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B46A0B2-ED2C-4836-8E72-CE1D4F3545E5",
              "versionEndIncluding": "7.0.11",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60D5043-7CE7-4DD1-B2DB-B6B08ABFAD13",
              "versionEndIncluding": "7.2.11",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF87852D-C4E8-441A-9443-CB0BA0812568",
              "versionEndIncluding": "7.4.10",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A162A55D-A22C-43F3-A77A-B8FB8214D6C3",
              "versionEndIncluding": "7.6.5",
              "versionStartIncluding": "7.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A628CC4-1789-4DAB-AFF0-96EDD7AEF0A6",
              "versionEndIncluding": "8.0.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number."
    }
  ],
  "id": "CVE-2025-64447",
  "lastModified": "2025-12-09T20:40:27.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-09T18:16:05.227",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-565"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-64447 (GCVE-0-2025-64447)

Vulnerability from cvelistv5

ghsa-fqxp-5rvv-7f48

Vulnerability from github

ncsc-2025-0386

Vulnerability from csaf_ncscnl

CERTFR-2025-AVI-1084

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-64447

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature