CVE-2025-59669 is an improper access control vulnerability identified in multiple versions of Fortinet's FortiWeb product (7.0.0, 7.2.0, 7.4.0, and 7.6.0). The root cause is the use of hard-coded credentials that allow an authenticated attacker who already has shell access to the FortiWeb device to connect to the embedded Redis service. Redis is an in-memory data structure store used internally by FortiWeb for caching or session management. By leveraging these hard-coded credentials, the attacker can access Redis data, potentially exposing sensitive information or manipulating data to disrupt device operation. The vulnerability requires the attacker to have local shell access with some privileges, which means initial compromise or insider threat is a prerequisite. The CVSS v3.1 score is 4.8 (medium), reflecting the limited attack vector (local), low complexity, and partial impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the presence of hard-coded credentials represents a significant security design flaw. Fortinet has not yet published patches, so mitigation currently relies on access restrictions and monitoring. This vulnerability highlights the risks of embedded services with weak authentication controls in security appliances.

For European organizations, this vulnerability could lead to unauthorized access to sensitive data stored in the Redis service on FortiWeb devices, potentially exposing web application firewall configurations, cached credentials, or session data. This could facilitate further attacks such as privilege escalation, data exfiltration, or disruption of web application protections. Since FortiWeb is widely used by enterprises, government agencies, and critical infrastructure providers in Europe, exploitation could impact confidentiality, integrity, and availability of protected web applications. The requirement for authenticated shell access limits remote exploitation but insider threats or attackers who have already compromised the device could leverage this vulnerability to deepen their foothold. Disruption or manipulation of Redis data could degrade FortiWeb functionality, leading to denial of service or bypass of security controls. The medium severity rating suggests moderate risk but should not be underestimated in high-security environments.

1. Immediately restrict shell access to FortiWeb devices to trusted administrators only, using strong authentication and network segmentation. 2. Monitor Redis service connections and logs for unusual or unauthorized access attempts. 3. Disable or restrict the Redis service if it is not essential for operations. 4. Implement strict role-based access controls on FortiWeb devices to minimize the number of users with shell access. 5. Apply network-level controls such as firewall rules to limit access to Redis ports internally. 6. Regularly audit device configurations and credentials to detect hard-coded or default credentials. 7. Stay alert for official patches or advisories from Fortinet and apply them promptly once available. 8. Conduct internal penetration testing and vulnerability assessments focusing on FortiWeb devices to identify potential exploitation paths. 9. Educate administrators about the risks of this vulnerability and enforce best practices for device management.