NewsSecurity Vulnerabilities

Fortinet FortiWeb ApacheCookie_parse Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability (CVE-2025-64447)

Luke Simmonds 806 Views 0 Comments 0 min read

CVE number CVE-2025-64447

This vulnerability allows remote attackers to bypass authentication on affected installations of Fortinet FortiWeb.

Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ApacheCookie_parse method.

The issue results from the lack of proper verification of a cryptographic signature.

An attacker can leverage this vulnerability to bypass authentication on the system.

Fortinet has issued an update to correct this vulnerability. More details can be found at:
https://fortiguard.fortinet.com/psirt/FG-IR-25-945

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.