Use of Password Hash Instead of Password for Authentication in FortiWeb - CVE-2025-64471
Published: December 9, 2025
Vulnerability identifier: #VU119440
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-64471
CWE-ID: CWE-836
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software: FortiWeb
Detailed vulnerability description
The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to the use of a password hash instead of the password for authentication. An unauthenticated attacker can use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.
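The weakness class above (CWE-836) is easiest to see in a minimal credential check. The following is an added illustration, not FortiWeb's code and not derived from it: a verifier that accepts a value matching the stored digest as a credential, next to a hardened verifier that always re-derives the digest from the submitted plaintext. The user record, salt and password are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample values for the demo (not real product data).
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
ITERATIONS = 100_000


def derive(password: str, salt: bytes = SALT) -> str:
    """PBKDF2-HMAC-SHA256 of the plaintext password, hex-encoded."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


# Constructed user store: username -> stored digest.
USERS = {"admin": derive("correct horse battery staple")}


def verify_vulnerable(user: str, credential: str) -> bool:
    """CWE-836 pattern: if the submitted value already looks like a digest,
    it is compared against the stored digest directly. The stored hash
    therefore works as a password, so a leaked hash can be replayed."""
    stored = USERS.get(user)
    if stored is None:
        return False
    looks_like_digest = len(credential) == len(stored) and all(
        c in "0123456789abcdef" for c in credential
    )
    if looks_like_digest:
        return hmac.compare_digest(credential, stored)  # hash accepted as-is
    return hmac.compare_digest(derive(credential), stored)


def verify_fixed(user: str, credential: str) -> bool:
    """Hardened: the submitted value is always treated as plaintext and
    re-derived before comparison, so a digest is never a valid credential."""
    stored = USERS.get(user)
    if stored is None:
        derive(credential)  # same cost for unknown users (timing hygiene)
        return False
    return hmac.compare_digest(derive(credential), stored)
```

Logging an authentication success whose submitted credential length equals the digest length is one cheap detection heuristic for this pattern in a system you own.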
How to mitigate CVE-2025-64471
Install the update from the vendor's website.