5.3

CVE-2025-48840

Medienbericht
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiweb Version >= 7.0.0 < 7.4.9
FortinetFortiweb Version >= 7.6.0 < 7.6.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.363
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@fortinet.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
11.03.2026 13:02
https://fortiguard.fortinet.com/psirt/FG-IR-26-097
Vendor Advisory