Cyber Posture

CVE-2025-64447

High

Published: 09 December 2025
Modified: 09 December 2025
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0024 (46.5th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via a crafted HTTP or HTTPS request with forged cookies, requiring prior knowledge of the FortiWeb serial number.

Mitigating Controls (NIST 800-53 r5)

prevent: Directly addresses the core vulnerability by requiring validation and integrity checks on information inputs such as cookies, preventing exploitation via forged values.

prevent: Enforces approved access authorizations, mitigating the unauthorized arbitrary operations enabled by unvalidated forged cookies.

prevent: Provides mechanisms for session identifier authenticity and invalidation, reducing the risk of cookie forgery and session hijacking that requires knowledge of the serial number.

Security Summary

CVE-2025-64447 is a vulnerability stemming from reliance on cookies without validation and integrity checking (CWE-565) in the Fortinet FortiWeb web application firewall. The issue affects FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to the potential for significant impact on confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this vulnerability by crafting HTTP or HTTPS requests with forged cookies, provided they have prior knowledge of the target's FortiWeb serial number. Successful exploitation enables execution of arbitrary operations on the system; the attack complexity is rated high because of that serial-number precondition.

Mitigation details are outlined in the Fortinet PSIRT advisory available at https://fortiguard.fortinet.com/psirt/FG-IR-25-945. Security practitioners should consult this reference for patching instructions and workarounds applicable to affected versions.

Details

CWE(s): CWE-565

Affected Products

Fortinet FortiWeb: 7.0.0 – 7.0.11 · 7.2.0 – 7.2.11 · 7.4.0 – 7.4.10 · 7.6.0 – 7.6.5 · 8.0.0 – 8.0.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows unauthenticated attackers to exploit a public-facing web application firewall (FortiWeb) via forged cookies, enabling arbitrary system operations; this maps directly to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

Fortinet PSIRT advisory FG-IR-25-945: https://fortiguard.fortinet.com/psirt/FG-IR-25-945