CVE-2025-59669

MEDIUM

Fortinet Fortiweb < 7.6.1 - Hard-coded Credentials

Title source: rule

Description

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-25-843

Scores

CVSS v3 5.3

EPSS 0.0002

EPSS Percentile 4.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

fortinet/fortiweb 7.0.0 - 7.6.1

Published Nov 18, 2025

Tracked Since Feb 18, 2026