CVE-2025-48840

Published Mar 10, 2026

Last updated 4 days ago

CVSS medium 5.3

Overview

Description: An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
Source: psirt@fortinet.com
NVD status: Analyzed
Products: fortiweb

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@fortinet.com: CWE-290

Hype score: Not currently trending

🔴 Fortinet FortiWeb, Authentication Bypass, #CVE-2025-48840 (Critical) https://t.co/MPjC5KRKND
@dailycve
13 Mar 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3CF747E0-A38B-4B27-B285-11BBAF80FD3C",
            "versionEndExcluding": "7.4.9",
            "versionStartIncluding": "7.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2B739434-1979-43F9-AEC1-D287B1BCA5CA",
            "versionEndExcluding": "7.6.4",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References