Security Advisory

CVE-2025-64471

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-09 17:18:44

Last updated 2026-01-14 09:19:24

Assigner fortinet

State PUBLISHED

Description

A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests

← Browse all CVEs View on cve.org ↗