CVE-2025-48840

← CVEs

MED 5.3

Published

2026-03-10

Last Modified

2026-03-12

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.

Affected Applications in Environment 1

Forticlient v7.4.0.1658

1 device

Affected Devices 1

DPSOTA-4JTY044 Windows

References 1

https://fortiguard.fortinet.com/psirt/FG-IR-26-097