CNNVD-202512-1216 Information
CNNVD ID
CNNVD-202512-1216
Related CVE
-
CNNVD Published: 2025-12-09
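Description (translated from Chinese)
Fortinet FortiWeb is a web application firewall from Fortinet, a US company. It blocks threats such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning, keeping web applications secure and protecting sensitive database content. Fortinet FortiWeb 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9 contain a data forgery vulnerability. The vulnerability stems from improper verification of a cryptographic signature and may allow FortiCloud SSO authentication to be bypassed.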
Description (English)
Fortinet FortiWeb is a web application firewall from the US company Fortinet. It blocks attacks such as cross-site scripting, SQL injection, cookie poisoning and schema poisoning, keeping web applications secure and protecting sensitive database content. Fortinet FortiWeb 8.0.0, 7.6.0 to 7.6.4 and 7.4.0 to 7.4.9 contain a data forgery vulnerability, which stems from improper verification of cryptographic signatures and may lead to a bypass of FortiCloud SSO authentication.
Hazard Level
Low
Vulnerability Type
Data forgery
Affected Vendor
Fortinet
Published
2025-12-09
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-647