MEDIUM🇵🇱 Wersja polska

CVE-2025-64471

CVSS 4.9v3.1pub. 2025-12-09upd. 2025-12-10

A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
  • Fortinet Fortiweb

    APP
    Fortinet
    7.0.0 – 7.0.117.2.0 – 7.2.117.4.0 – 7.4.107.6.0 – 7.6.48.0.0 – 8.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-64446CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Path Traversal w Fortinet FortiWeb umożliwiający zdalne wykonanie poleceń

CVE-2025-25257CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność SQL Injection w Fortinet FortiWeb — obejście uwierzytelnienia

CVE-2025-59719CRITICAL9.8PL ✓ten sam produkt

Fortinet FortiWeb — pominięcie uwierzytelnienia SSO przez spreparowany SAML

CVE-2023-25610CRITICAL9.8PL ✓ten sam produkt

Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia