CVE-2025-59669

EUVD-2025-198011
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
fortinetCNA
4.8 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
fortinetfortiweb
7.0.0 ≤
𝑥
< 7.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-843