Use of Hard-Coded Credentials in Fortinet FortiWeb Solutions
CVE-2025-59669

4.8 MEDIUM

Key Information:

Vendor: Fortinet

Status
Vendor
CVE Published: 18 November 2025

What is CVE-2025-59669?

A vulnerability exists in various versions of Fortinet's FortiWeb product where hard-coded credentials are used. This issue allows an authenticated attacker with shell access to connect to the Redis service, potentially leading to unauthorized data access. Organizations should take immediate steps to update their FortiWeb deployments and review access controls to mitigate risks associated with this vulnerability.

Affected Version(s)

FortiWeb 7.6.0

FortiWeb 7.4.0 <= 7.4.11

FortiWeb 7.2.0 <= 7.2.12

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
