CVE-2025-64471_CVE-2025-64471

4.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

Description

A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests

Basic Information

ID CVE-2025-64471

Source fortinet

Published Dec 9, 2025 at 17:18

Affected Product

Vendor Fortinet

Product FortiWeb

Version 8.0.0

Affected Versions Fortinet FortiWeb 8.0.0
Fortinet FortiWeb 7.6.0
Fortinet FortiWeb 7.4.0
Fortinet FortiWeb 7.2.0
Fortinet FortiWeb 7.0.0

CWE Classification

CWE-836

References

fortiguard.fortinet.com /psirt/FG-IR-25-984

{
    "lastseen": "",
    "description": "A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests",
    "published": "2025-12-09T17:18:44.569Z",
    "modified": "2025-12-09T17:18:44.569Z",
    "type": "cve",
    "title": "CVE-2025-64471",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984",
    "id": "CVE-2025-64471",
    "bulletinFamily": "",
    "cwe": [
        "CWE-836"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiWeb 8.0.0\nFortinet FortiWeb 7.6.0\nFortinet FortiWeb 7.4.0\nFortinet FortiWeb 7.2.0\nFortinet FortiWeb 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiWeb",
    "version": "8.0.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}