CVE-2025-64447
HIGH
Fortinet FortiWeb <8.0.1 - CSRF
Title source: llm
Description
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies. Exploitation requires prior knowledge of the FortiWeb serial number.
Scores
CVSS v3: 8.1
EPSS: 0.0019
EPSS Percentile: 40.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE: CWE-565
Status: published
Affected Products (1)
fortinet/fortiweb: < 7.0.11
Timeline
Published: Dec 09, 2025
Tracked Since: Feb 18, 2026