CVE-2025-64447
HIGH
FortiWeb 7.0.0-7.0.11, 7.2.0-7.2.11, 7.4.0-7.4.10, 7.6.0-7.6.5, 8.0.0-8.0.1 - Arbitrary Operations via Forged Cookies
Title source: llm
Description
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests containing forged cookies. Exploitation requires prior knowledge of the FortiWeb serial number.
References (1)
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-25-945
Scores
CVSS v3: 8.1
EPSS: 0.0736
EPSS Percentile: 93.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-565
Status: published
Products (1)
fortinet/fortiweb: 7.0.0 - 7.0.11
Published: Dec 09, 2025
Tracked Since: Feb 18, 2026