CVE-2025-64447
- Source
- https://cve.org/CVERecord?id=CVE-2025-64447
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64447.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-64447
- Published
- 2025-12-09T18:16:05.227Z
- Modified
- 2026-03-13T03:38:24.893078Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
- References
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "7.0.0"
},
{
"last_affected": "7.0.11"
}
]
},
{
"events": [
{
"introduced": "7.2.0"
},
{
"last_affected": "7.2.11"
}
]
},
{
"events": [
{
"introduced": "7.4.0"
},
{
"last_affected": "7.4.10"
}
]
},
{
"events": [
{
"introduced": "7.6.0"
},
{
"last_affected": "7.6.5"
}
]
},
{
"events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.0.1"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64447.json"