Description
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- high
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-565
Metadata
- Primary Vendor
- FORTINET
- Published
- 12/9/2025
- Last Modified
- 12/9/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
fortinet : fortiwebfortinet : fortiwebfortinet : fortiwebfortinet : fortiwebfortinet : fortiweb
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.