CVE-2025-64447 · HIGH 8.1 · EPSS p93.6%

Description

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies. Exploitation requires prior knowledge of the FortiWeb serial number.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.36% probability of exploitation · percentile 93.6% · 2026-06-19T12:03:05Z
Published: 2025-12-09
Last modified: 2025-12-09

Underlying weaknesses · 1

CWE-565

References

  1. https://fortiguard.fortinet.com/psirt/FG-IR-25-945

Type: Weakness · Target: Reliance on Cookies without Validation and Integrity Checking (cwe-565) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-53847
  2. CVE: Fortinet FortiWeb Path Traversal Vulnerability
  3. CVE: CVE-2025-59719
  4. CVE: CVE-2025-52970
  5. CVE: CVE-2025-22256
  6. CVE: CVE-2025-49201

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.