CVE-2025-59669
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-20
Assigner: Fortinet, Inc.
Description
Description
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiweb | From 7.0.0 (inc) to 7.6.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of hard-coded credentials in Fortinet FortiWeb versions 7.6.0, 7.4, 7.2, and 7.0. An authenticated attacker who has shell access to the device can exploit these credentials to connect to the Redis service and access its data.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with shell access to the device to connect to the Redis service and access its data, potentially leading to unauthorized data exposure or manipulation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70