CVE-2025-64471

CWE-836 | 5 documents | 5 sources
Severity
7.5 HIGH
EPSS
0.1%
top 79.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 9

Description

A use of password hash instead of password for authentication vulnerability [CWE-836] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (2 packages)

Source     | Package           | Affected range
CVEList V5 | fortinet/fortiweb | 8.0.0 to 8.0.1 (+4 more ranges)
NVD        | fortinet/fortiweb | 7.0.0 to 7.0.11 (+4 more ranges)

Vulnerability Details (2)

GHSA
GHSA-rr29-mpmg-47mc: A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8 (2025-12-09)
CVEList
CVE-2025-64471: A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8 (2025-12-09)

Vendor Advisories (1)

Fortinet
Capacity to use password hashes instead of password for authentication (2025-12-09)

Threat Intelligence (1)

Wiz
CVE-2025-64471 Impact, Exploitability, and Mitigation Steps | Wiz