#VU119440 Use of Password Hash Instead of Password for Authentication in FortiWeb - CVE-2025-64471

 


Published: December 9, 2025


Vulnerability identifier: #VU119440
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-64471
CWE-ID: CWE-836
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FortiWeb
Software vendor: Fortinet, Inc

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to the use of a password hash instead of the password for authentication. An unauthenticated attacker can use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.
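
The weakness class named above (CWE-836), shown as a generic added example: it is not FortiWeb code and says nothing about how the product implements authentication. The record layout, function names and PBKDF2 parameters are assumptions chosen for illustration. It contrasts a check that accepts the stored hash as the credential with one that derives the hash server-side.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration


def _derive(secret: bytes, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of whatever bytes are passed in."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build a constructed credential record (hypothetical layout)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password.encode(), salt)}


def verify_weak(record: dict, client_value: str) -> bool:
    """CWE-836 pattern: the value sent by the client is compared directly
    with the stored hash, so the hash is as good as the password."""
    try:
        supplied = bytes.fromhex(client_value)
    except ValueError:
        return False
    return hmac.compare_digest(supplied, record["hash"])


def verify_hardened(record: dict, client_value: str) -> bool:
    """The server always derives the hash itself. A submitted hash is
    hashed again and therefore does not match the stored value."""
    candidate = _derive(client_value.encode(), record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")  # constructed sample
    disclosed = rec["hash"].hex()  # what a read of the credential store yields
    print("weak check accepts stored hash:    ", verify_weak(rec, disclosed))
    print("hardened check accepts stored hash:", verify_hardened(rec, disclosed))
    print("hardened check accepts password:   ",
          verify_hardened(rec, "correct horse battery staple"))
```

With the weak check, any disclosure of the credential store is equivalent to disclosure of the passwords, so stored hashes must be protected and rotated as if they were plaintext credentials until the fix is applied.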


Remediation

Install the update from the vendor's website.
