CVE-2025-64446
Published Nov 14, 2025
Last updated 5 months ago
- Description
- A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortiweb
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet FortiWeb Path Traversal Vulnerability
- Exploit added on
- Nov 14, 2025
- Exploit action due
- Nov 21, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Weakness (source: psirt@fortinet.com)
- CWE-23: Relative Path Traversal
- Hype score
- Not currently trending
As usual, Fortinet has delivered another sizeable shock... Today Metasploit released a module for Fortinet FortiWeb that combines two vulnerabilities, CVE-2025-64446 (authentication bypass) and CVE-2025-58034 (command injection), making it possible, without prior authentication,
@KarolKyoko40516
23 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) #FortiWeb #AuthBypass #CVE202564446 #PathTraversal #Impersonation https://t.co/kIXDsDEmS3
@reverseame
13 Mar 2026
798 Impressions
1 Retweet
7 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 Vibe coding + FortiWeb exploitation platform (CVE-2025-64446 ⛓️ CVE-2025-58034) + C2 server (?) + #opendir (now off) 💀🤷🏻♂️ Dm : https://t.co/vmiP9bobnI on telegram to learn Join my channel: https://t.co/SkhyKbfZw4 https://t.co/llKjXQv5LA
@EthicalHackerxz
19 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 Vibe coding + FortiWeb exploitation platform (CVE-2025-64446 ⛓️ CVE-2025-58034) + C2 server (?) + #opendir (now off) 💀🤷🏻♂️ https://t.co/SUjGlZfpVZ
@1ZRR4H
18 Feb 2026
13182 Impressions
26 Retweets
124 Likes
57 Bookmarks
7 Replies
1 Quote
The following vulnerabilities have been added to our feed: - CVE-2025-64446: Fortinet Fortiweb Command Injection RCE - CVE-2025-62221: Microsoft Cloud Files Mini Filter Driver UAF LPE - CVE-2025-26666: Windows Media Heap-based Buffer Overflow DoS https://t.co/Nw6eZdt4CA
@crowdfense
12 Feb 2026
602 Impressions
0 Retweets
4 Likes
5 Bookmarks
0 Replies
0 Quotes
Monitor CVE-2025-64446 exploit attempts with honeypots. Stay vigilant to protect your systems. #CISO #CyberSecurity https://t.co/MjGtkvzw2K
@breachwire_io
11 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New RaaS group “Sicarii” uses Israeli & Jewish iconography - but researchers say it’s likely deceptive branding. • Geo-fenced execution • CVE-2025-64446 exploitation • Data theft + destructive ransomware What’s your take on attribution-by-branding? #Ransomware #
@TechNadu
15 Jan 2026
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Active exploitation detected 📦 Product: FortiWeb 🆔 Vuln: CVE-2025-64446 A path traversal vulnerability allows an unauthenticated attacker to execute administrative commands via crafted HTTP or HTTPS requests. ⚠️ Mitigation: Apply security patches immediately.
@XavSecOps
13 Jan 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Python & Kaspersky NDR Hardening for CVE-2025-64446 Read the full report on - https://t.co/em1qCsIZ14 https://t.co/pY0M09IpCI
@cyberbivash
5 Jan 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet FortiWeb vulnerability CVE-2025-64446: attacks targeting administrator accounts observed https://t.co/sVPReS3obI The cause of this issue is that an endpoint of the management interface fails to properly restrict the supplied file path, a path tra
@iototsecnews
5 Jan 2026
35 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️We are observing elevated Fortinet exploit activity from various TOR exit nodes The exploit traffic is a mix of recent exploits like CVE-2025-64446 and credential stuffing attempts using legitimate-looking credentials Associated IP addresses 199.195.253.180 204.8.96.179
@DefusedCyber
2 Jan 2026
11202 Impressions
18 Retweets
110 Likes
36 Bookmarks
2 Replies
2 Quotes
🔔 Update: Fortinet has assigned CVE-2025-64446 (CVSS 9.1) — a path traversal flaw letting attackers run admin commands via crafted HTTP/S requests. CISA added it to KEV — deadline: Nov 21. Exploited in the wild. https://t.co/eif7UQsvBk
@CarterJames6660
22 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet reported two critical flaws in FortiWeb: CVE-2025-64446, a Relative Path Traversal that allows executing commands via HTTP/HTTPS, and the vulnerability CVE-2025-58034. More information: https://t.co/jr8OYpTM9v #PorUnEcuadorCiberseguro @Arcotel_ec @CsirtCEDIA @CsirtEPN
@EcuCERT_EC
4 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortiWeb alert: two exploited flaws, path traversal (CVE-2025-64446) and OS command injection (CVE-2025-58034), also affect unsupported 6.x. Silent patching hampered defenders. Thoughts? #FortiWeb_vulnerabilidades_explotadas https://t.co/h16Bx0JYj0
@CyberDailyPost
2 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet FortiWeb below 8.0.2 was affected by CVE-2025-64446, a critical auth-bypass flaw. Attackers can send crafted HTTP requests to gain admin access, potentially taking full control of the WAF. Update immediately and review admin activity. Read more: https://t.co/LIkdNi7Pjs
@wazuh
2 Dec 2025
306 Impressions
6 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-64446 (FortiWeb path traversal vulnerability) from AS 4847 🇨🇳 ( China Networks Inter-Exchange ) 0/95 Detections on VT 🟢 Link to event 👇 https://t.co/SXb8esRZFb
@DefusedCyber
2 Dec 2025
1894 Impressions
6 Retweets
25 Likes
5 Bookmarks
1 Reply
0 Quotes
CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/pUy95Y6eAI https://t.co/nthaJbK2gX
@IT_Peurico
28 Nov 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-64446
@transilienceai
27 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ FortiWeb just got stronger! Our latest WAF update bolsters protection against authentication bypass vulnerabilities (CVE-2025-64446) & enhances PHP Wrapper Injection detection. Improved coverage & blocking for your sites. 💪 https://t.co/UKpcTgYd1T
@CFchangelog
26 Nov 2025
367 Impressions
0 Retweets
10 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Two critical vulnerabilities in #Fortinet #Fortiweb are actively exploited. CVE-2025-58034 and CVE-2025-64446 can be chained together to achieve remote code execution. Check our updated advisories https://t.co/GboGlwR20Q & https://t.co/Bic3EKtppP #RCE! #Patch #Patch
@CCBalert
26 Nov 2025
210 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 FortiWeb’s Silent Breach Window: A Deep Dive Into #CVE-2025-64446 and the Threat of Admin Impersonation https://t.co/wQNfS2GLjd
@UndercodeNews
25 Nov 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cloudflare has released new WAF rule addressing the following CVE to enhance customer protection. Fortinet FortiWeb - Auth Bypass (CVE-2025-64446) https://t.co/QfKGvYFDrg
@Cloudforce_One
24 Nov 2025
1615 Impressions
2 Retweets
11 Likes
1 Bookmark
1 Reply
0 Quotes
A critical @Fortinet FortiWeb auth bypass (CVE-2025-64446) is being actively exploited, giving attackers control of vulnerable devices. @CISAgov has added it to the KEV with a Nov 21 deadline. Learn about the exploit, affected versions, & mitigation steps. https://t.co/rzxDwE
@CyberPhilipR
24 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-64446
@transilienceai
24 Nov 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
❗Fortinet FortiWeb zero-day (CVE-2025-64446) being exploited in real time. A zero-day that bypasses administrator authentication through relative path manipulation → allows complete takeover of the device, and it has been actively exploited since early October. According to Criminal IP analysis, 871 FortiWeb instances
@CriminalIP_KR
24 Nov 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
❗Fortinet FortiWeb zero-day (CVE-2025-64446) is being exploited in real time❗ A zero-day that bypasses administrator authentication through relative path manipulation and allows complete takeover of the device has been actively exploited since early October
@CriminalIP_JP
24 Nov 2025
159 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Fortinet FortiWeb Zero-Day (CVE-2025-64446) Actively Exploited 🚨 A critical path-traversal authentication bypass flaw is being weaponized in the wild since early October, allowing attackers to skip admin auth and fully compromise vulnerable appliances. 🔎 871 C
@CriminalIP_US
24 Nov 2025
189 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
Alert: Metasploit releases exploit module for critical FortiWeb vulnerabilities (CVE-2025-64446 & CVE-2025-58034). Immediate patching to version 8.0.2+ is crucial. Link: https://t.co/Ek87OAERvg #Security #Exploit #Vulnerabilities #Cyber #Patch #Fortinet #Updates #Hacking http
@dailytechonx
23 Nov 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-64446 – FortiWeb Zero-Day Path Traversal RCE CVE-2025-64446 – FortiWeb Zero-Day Path Traversal RCE Fortinet's FortiWeb has a critical zero-day path traversal vulnerability allowing unauthenticated remote code execution. What's brutal: attackers exploit impro
@the_c_protocol
23 Nov 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New #Metasploit module just weaponized two FortiWeb 0-days — CVE-2025-64446 & CVE-2025-58034. Attackers can now go from no auth → full root RCE in seconds. Read More: https://t.co/DgOgJG3nAt #CyberSecurity #Fortinet #Canada #CanadaCyberAwareness https://t.co/oSTL
@FindSecCyber
23 Nov 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) https://t.co/qrN5yAvTpW
@marktsec46065
23 Nov 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
A module for the well-known FortiWeb zero-day vulnerability has been added to Metasploit. It chains CVE-2025-64446 and CVE-2025-58034 to enable remote code execution. Named exploit/linux/http/fortinet_fortiweb_rce. https://t.co/iQAM1txuQG
@__kokumoto
23 Nov 2025
2474 Impressions
2 Retweets
37 Likes
13 Bookmarks
0 Replies
0 Quotes
🚩 Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability https://t.co/X17lv1a5vd CVE-2025-64446 (CVSS 9.1), a path traversal flaw in FortiWeb WAF, allows unauthenticated attackers to execute administrative commands and create admin accounts via crafted
@Huntio
22 Nov 2025
980 Impressions
4 Retweets
7 Likes
0 Bookmarks
0 Replies
1 Quote
exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034) https://t.co/sunlFe4r1S
@tdatwja
22 Nov 2025
189 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🧵 🚨 BREAKING: FortiWeb WAFs under ACTIVE zero-day attack Two critical vulns being exploited in the wild: • CVE-2025-58034 • CVE-2025-64446 (auth bypass) CISA says patch in 7 days. Here's what you need to know 👇 https://t.co/W0C6VVFLHa #CyberSecurity #ZeroDa https:/
@nxtgen579255
22 Nov 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Vulnerability in Fortinet FortiWeb (14 November 2025) — A vulnerability has been discovered in Fortinet FortiWeb. It allows an attacker to bypass the security policy. Fortinet indicates that vulnerability CVE-2025-64446 is active
@RotateKeys
22 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-64446
@transilienceai
22 Nov 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We now have a (draft) @metasploit exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: https://t.co/Xh15JybxsC https://t.co/n7sMp6qCJU
@stephenfewer
21 Nov 2025
12194 Impressions
50 Retweets
209 Likes
69 Bookmarks
2 Replies
1 Quote
🚨 Fortinet FortiWeb Exploitation Alert 🚨 Threat actors are abusing a critical auth-bypass flaw (CVE-2025-64446) to gain admin access, create rogue accounts, alter configs & wipe logs. Check IoCs + mitigation steps in our full advisory 👇 📄 https://t.co/TN316Ffimo
@sequretek_sqtk
21 Nov 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-64446
@transilienceai
21 Nov 2025
30 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 A new FortiWeb vulnerability, CVE-2025-58034, has emerged just days after the previous Fortinet disclosure and is already being exploited in the wild. While medium in severity, early signals suggest it may be chained with CVE-2025-64446, though no official confirmation has h
@censysio
20 Nov 2025
5409 Impressions
15 Retweets
58 Likes
19 Bookmarks
0 Replies
2 Quotes
🚨 Fortinet FortiWeb Security Advisory - Nov 20, 2025 Comprehensive analysis of recent vulnerabilities affecting Fortinet FortiWeb Web Application Firewall, including CVE-2025-64446 and CVE-2025-58034. Check out our Threat Intelligence Platform:... https://t.co/vX12nHWhJj
@transilienceai
20 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Critical Fortinet FortiWeb Zero-Day (CVE-2025-64446) exploited in the wild! Remote command execution through path traversal attacks. No patch yet — lock down your FortiWeb devices NOW. Monitor updates! 🔗https://t.co/brvzTj2JO6 #Fortinet #Cybersecurity https://t.co/eaKg
@rapidriskradar
20 Nov 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA confirms active exploitation of a serious vulnerability in Fortinet FortiWeb (CVE-2025-64446). Thousands of systems are at risk and attackers are already using this flaw to take control of devices. Are you protected? ✅ Don't ignore it! https://t.co
@M4nticonsuling
19 Nov 2025
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨We are warning of an actively exploited vulnerability in Fortinet FortiWeb, CVE-2025-64446. The vulnerability is caused by path confusion/traversal in the FortiWeb GUI component. Attackers can send specially crafted HTTP/HTTPS POST requests to manipulated pat
@GOVCERT_CZ
19 Nov 2025
365 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
#AlertaDeSeguridad ⚠️ Active exploitation of vulnerability CVE-2025-64446 in FortiWeb is confirmed.🚫 This critical flaw allows attackers to bypass authentication and gain control of the WAF on unpatched versions. Read the #ColCERT analysis 🔗 h
@colCERT
19 Nov 2025
537 Impressions
8 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet: serious exploitation of FortiWeb vulnerability... "risk of compromise worldwide" CVE-2025-64446 emergency alert... CISA orders US federal agencies to patch within one week https://t.co/SZLGc2allr
@rokmc_sns
18 Nov 2025
28 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New #Tenable #Security Research Blog: CVE-2025-64446: #Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/lgDBL6wHd3 https://t.co/X6X5ezQN7X
@pcasano
18 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A Critical Vulnerability exists in Fortinet FortiWeb (CVE-2025-64446). Please see the @ncsc_gov_ie advisory for more information: https://t.co/OVHLLW3YiS
@ncsc_gov_ie
18 Nov 2025
275 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical Fortinet FortiWeb vulnerability capable of remote code execution has been exploited in the wild. Fortinet on Nov. 14 disclosed CVE-2025-64446, a vulnerability in its Web application firewall (WAF) product FortiWeb. https://t.co/MlJIbIi9KH
@Guardian360nl
18 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Affected configurations (NVD CPE match criteria)
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CDE13E2A-CEC3-4FC7-98AD-11CA1EAEC0C0",
            "versionEndExcluding": "7.0.12",
            "versionStartIncluding": "7.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "551127B2-DCE9-403D-8073-ACD717CD0B19",
            "versionEndExcluding": "7.2.12",
            "versionStartIncluding": "7.2.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "83212B0A-5EEF-4FA7-89C5-5E4D687CBB07",
            "versionEndExcluding": "7.4.10",
            "versionStartIncluding": "7.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D358CE92-A30D-4058-8D12-00376E4B9074",
            "versionEndExcluding": "7.6.5",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1DD8ABA-9BB5-4ED8-9E34-1CB0752651DF",
            "versionEndExcluding": "8.0.2",
            "versionStartIncluding": "8.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]