CVE-2025-48840: Authentication Bypass by Spoofing in Fortinet FortiWeb

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 73.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 10

Description

An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 (all versions), and FortiWeb 7.0 (all versions) may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD | fortinet/fortiweb | 7.0.0 | 7.4.9 | +1
CVEListV5 | fortinet/fortiweb | 7.6.0 | 7.6.3 | +3

🔴 Vulnerability Details (2)

CVEList
CVE-2025-48840: An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7 | 2026-03-10
GHSA
GHSA-h6v5-rj27-w97h: An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7 | 2026-03-10

📋 Vendor Advisories (1)

Fortinet
Protected hostname bypass | 2026-03-10

🕵️ Threat Intelligence (1)

Wiz
CVE-2025-48840 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-48840 — Authentication Bypass by Spoofing | cvebase