H3-2025-0070

FortiWeb Authentication Bypass Vulnerability

Description

A critical authentication bypass vulnerability exists in Fortinet FortiWeb, allowing unauthenticated attackers to arbitrarily add administrative users.

Impact

Unauthenticated attackers can gain control of the vulnerable device with an arbitrarily created administrative user.

References

• Initial Social Media Report
• MITRE ATT&CK Technique: T1136: Create Account