CVE-2025-64447
Published: 09 December 2025
Summary
CVE-2025-64447 is a high-severity Reliance on Cookies without Validation and Integrity Checking (CWE-565) vulnerability in Fortinet FortiWeb. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly addresses the core vulnerability by requiring validation and integrity checks on information inputs such as cookies, so that forged values are rejected before they are acted on.
- AC-3 (Access Enforcement): Enforces approved access authorizations, limiting the unauthorized arbitrary operations that an accepted forged cookie would otherwise enable.
- Provides mechanisms for session identifier authenticity and invalidation, reducing the risk of cookie forgery and session hijacking, which in this case requires knowledge of the device serial number.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated attackers to exploit a public-facing web application firewall (FortiWeb) via forged cookies, enabling arbitrary system operations, directly mapping to T1190: Exploit Public-Facing Application.
NVD Description
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
Deeper analysis
CVE-2025-64447 is a vulnerability stemming from reliance on cookies without validation and integrity checking, classified under CWE-565, in the Fortinet FortiWeb web application firewall. The issue affects FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to the potential for significant impact on confidentiality, integrity, and availability.
An unauthenticated attacker can exploit this vulnerability by crafting HTTP or HTTPS requests with forged cookies, provided they have prior knowledge of the target's FortiWeb serial number. Successful exploitation enables execution of arbitrary operations on the system, though it requires high attack complexity.
Mitigation details are outlined in the Fortinet PSIRT advisory available at https://fortiguard.fortinet.com/psirt/FG-IR-25-945. Security practitioners should consult this reference for patching instructions and workarounds applicable to affected versions.
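The following is an added illustration of the CWE-565 pattern named in the summary and the SI-10 control listed under Mitigating Controls; it is not FortiWeb code, and the advisory does not describe how FortiWeb's cookies are constructed. The cookie format, the `SERVER_KEY` name, and all function names are assumptions made for the example. It places a parser that trusts whatever the client sent beside one that accepts claims only after an HMAC tag verifies, and shows that a cookie whose payload was edited without the signing key is accepted by the first and rejected by the second.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Hypothetical server-side signing key (assumption for this example). In a real
# service it comes from a secrets store; it must be random and never derivable
# from device metadata such as a serial number or hostname that others could learn.
SERVER_KEY = secrets.token_bytes(32)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_claims(claims: dict) -> bytes:
    # Canonical JSON so the same claims always sign to the same bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def make_cookie(claims: dict, key: bytes = SERVER_KEY) -> str:
    """Issue a cookie as <base64 payload>.<base64 HMAC-SHA256 tag>."""
    payload = _encode_claims(claims)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def parse_cookie_unvalidated(cookie: str) -> dict:
    """CWE-565 pattern: decode the payload and trust it, ignoring the tag."""
    payload_b64 = cookie.split(".", 1)[0]
    return json.loads(_unb64(payload_b64))


def parse_cookie_validated(cookie: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Hardened parser: claims are returned only after the tag verifies."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None  # malformed cookie: treat as absent, not as a session
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so mismatches do not leak timing information.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None


def tamper_payload(cookie: str, new_claims: dict) -> str:
    """Test helper: swap the claims but keep the original tag, modelling a client
    that edits its own cookie without knowing the signing key."""
    _, tag_b64 = cookie.split(".", 1)
    return f"{_b64(_encode_claims(new_claims))}.{tag_b64}"


def demo() -> dict:
    # Constructed sample session; nothing here comes from a real device.
    issued = make_cookie({"user": "alice", "role": "viewer"})
    tampered = tamper_payload(issued, {"user": "alice", "role": "admin"})
    return {
        "unvalidated_sees": parse_cookie_unvalidated(tampered).get("role"),
        "validated_sees": parse_cookie_validated(tampered),
        "genuine_ok": parse_cookie_validated(issued),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to any cookie-based session scheme: the key that produces the tag must be a secret that only the server holds, so a value an outside party could learn cannot stand in for it, and a cookie that fails verification must be handled as no session at all rather than falling back to the decoded claims.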
Details
- CWE(s)