Capacity to forge authentication cookies

Capacity to forge authentication cookies Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-25-945 Final 1 1 2025-12-09T00:00:00 Current version 2025-12-09T00:00:00 2025-12-09T00:00:00 A reliance on cookie without validation or integrity checking vulnerability [CWE-565] in FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies requiring knowledge of the FortiWeb serial number.FortiAppSec Cloud is NOT impacted by this vulnerability. None Escalation of privilege None Internally discovered by Fortiweb development team. Fortinet is also pleased to thank Jason McFadyen of Trend Research for reporting this vulnerability under responsible disclosure. FortiWeb 8.0.1 FortiWeb 8.0.0 FortiWeb 7.6.5 FortiWeb 7.6.4 FortiWeb 7.6.3 FortiWeb 7.6.2 FortiWeb 7.6.1 FortiWeb 7.6.0 FortiWeb 7.4.10 FortiWeb 7.4.9 FortiWeb 7.4.8 FortiWeb 7.4.7 FortiWeb 7.4.6 FortiWeb 7.4.5 FortiWeb 7.4.4 FortiWeb 7.4.3 FortiWeb 7.4.2 FortiWeb 7.4.1 FortiWeb 7.4.0 FortiWeb 7.2.11 FortiWeb 7.2.10 FortiWeb 7.2.9 FortiWeb 7.2.8 FortiWeb 7.2.7 FortiWeb 7.2.6 FortiWeb 7.2.5 FortiWeb 7.2.4 FortiWeb 7.2.3 FortiWeb 7.2.2 FortiWeb 7.2.1 FortiWeb 7.2.0 FortiWeb 7.0.11 FortiWeb 7.0.10 FortiWeb 7.0.9 FortiWeb 7.0.8 FortiWeb 7.0.7 FortiWeb 7.0.6 FortiWeb 7.0.5 FortiWeb 7.0.4 FortiWeb 7.0.3 FortiWeb 7.0.2 FortiWeb 7.0.1 FortiWeb 7.0.0 Capacity to forge authentication cookies CVE-2025-64447 FortiWeb-8.0.1 FortiWeb-8.0.0 FortiWeb-7.6.5 FortiWeb-7.6.4 FortiWeb-7.6.3 FortiWeb-7.6.2 FortiWeb-7.6.1 FortiWeb-7.6.0 FortiWeb-7.4.10 FortiWeb-7.4.9 FortiWeb-7.4.8 FortiWeb-7.4.7 FortiWeb-7.4.6 FortiWeb-7.4.5 FortiWeb-7.4.4 FortiWeb-7.4.3 FortiWeb-7.4.2 FortiWeb-7.4.1 FortiWeb-7.4.0 FortiWeb-7.2.11 FortiWeb-7.2.10 FortiWeb-7.2.9 FortiWeb-7.2.8 FortiWeb-7.2.7 FortiWeb-7.2.6 FortiWeb-7.2.5 FortiWeb-7.2.4 FortiWeb-7.2.3 FortiWeb-7.2.2 FortiWeb-7.2.1 FortiWeb-7.2.0 FortiWeb-7.0.11 FortiWeb-7.0.10 FortiWeb-7.0.9 FortiWeb-7.0.8 FortiWeb-7.0.7 FortiWeb-7.0.6 FortiWeb-7.0.5 FortiWeb-7.0.4 FortiWeb-7.0.3 FortiWeb-7.0.2 FortiWeb-7.0.1 FortiWeb-7.0.0 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-25-945 Capacity to forge authentication cookies Reference>