CVE-2025-64446

Published Nov 14, 2025

Last updated 23 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-64446 is a relative path traversal vulnerability affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It can be exploited by sending crafted HTTP or HTTPS requests. This vulnerability allows remote, unauthenticated attackers to gain administrative access to the web application firewall appliances. Specifically, the vulnerability can be exploited by sending an HTTP POST request to `/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi` with a payload designed to create an administrative account. Successful exploitation allows an attacker with no prior access to gain administrator-level access to the FortiWeb Manager panel and websocket command-line interface.

Description
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Source
psirt@fortinet.com
NVD status
Analyzed
Products
fortiweb

Insights

Analysis from the Intruder Security Team
Published Nov 14, 2025 Updated Nov 16, 2025

This exploit was picked up by Defused as early as October 2nd where it was thought to be a variant of CVE-2022-40684. However, Fortinet have confirmed that this is a new vulnerability and have assigned this CVE to the vulnerability. This vulnerability takes advantage of both a path traversal (/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi) and an auth bypass via the cookie CGIINFO.

Fortinet offer little information within their disclosure, and until today there was no patching information, as mentioned within watchTowr's article. The infosec community has collated some IOCs, which can be found here. This vulnerability has been actively exploited to create a new administrative user; any instances of FortiWeb that have exposed the web GUI to the internet should be considered compromised.
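The request shape described in the overview above (an encoded `?` followed by `..` segments that resolve to `/cgi-bin/fwbcgi`) and the Intruder analysis's advice to treat exposed appliances as compromised both reduce to two defender tasks: decide whether a given FortiWeb build falls in an affected range, and find the traversal pattern in web access logs. The Python below is an added example and is not code from this page, from Fortinet or from Intruder. The version table is taken from the affected ranges listed above; the combined-log-style line format, the sample log entries and the helper names are assumptions of this example, and the log lines are constructed, not real traffic.

```python
"""Defender-side triage for CVE-2025-64446: version check and access-log detection.

Added example, not Fortinet's or Intruder's code. The log lines are constructed
and use a combined-log-style format, which is an assumption of this example.
"""
import posixpath
import re
from urllib.parse import unquote

# Affected branches as listed in the advisory text: (major, minor) -> (first, last) patch.
AFFECTED_RANGES = {
    (8, 0): (0, 1),
    (7, 6): (0, 4),
    (7, 4): (0, 9),
    (7, 2): (0, 11),
    (7, 0): (0, 11),
}


def classify_version(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a FortiWeb version such as '7.4.3'.

    Branches the advisory does not enumerate (for example end-of-life 6.x) come
    back as 'unknown' rather than 'fixed': silence in the advisory is not a fix.
    """
    try:
        major, minor, patch = (int(p) for p in version.strip().split("."))
    except ValueError as exc:
        raise ValueError(f"unparseable version {version!r}") from exc
    rng = AFFECTED_RANGES.get((major, minor))
    if rng is None:
        return "unknown"
    return "affected" if rng[0] <= patch <= rng[1] else "fixed"


# The handler the traversal in the advisory resolves to.
TARGET_CGI = "/cgi-bin/fwbcgi"

# Request line inside a combined-log-style entry: "METHOD PATH HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def normalize_path(raw_path: str) -> str:
    """Resolve a logged request path the way a lax backend would.

    A literal '?' in the raw path starts a real query string and is cut off
    first. The remainder is percent-decoded twice (so '%3f' becomes '?' and a
    double-encoded '%252e' still reaches '.'), then '.'/'..' segments are
    collapsed. Only after decoding does the encoded '?' stop protecting the
    prefix, which is why the '..' segments walk out of /api/v2.0/.
    """
    path_only = raw_path.split("?", 1)[0]
    decoded = unquote(unquote(path_only))
    return posixpath.normpath(decoded)


def is_traversal_to_cgi(raw_path: str) -> bool:
    """True when the path uses '..' segments and still resolves to the CGI handler.

    A direct request for /cgi-bin/fwbcgi is deliberately not flagged here; the
    signal is a path that starts somewhere else and escapes to the handler.
    """
    decoded = unquote(unquote(raw_path.split("?", 1)[0]))
    uses_dotdot = ".." in decoded.split("/")
    return uses_dotdot and normalize_path(raw_path) == TARGET_CGI


def scan_log(lines):
    """Return (line_no, method, raw_path) for each request matching the traversal pattern."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_to_cgi(match["path"]):
            hits.append((line_no, match["method"], match["path"]))
    return hits


# Constructed sample log (not real traffic). Line 2 carries the encoded path quoted
# in the advisory; line 4 percent-encodes the dots so the scanner's decoding is
# exercised (this says nothing about what the appliance itself accepts);
# lines 1 and 3 are ordinary API calls and must not be flagged.
SAMPLE_LOG = [
    '198.51.100.7 - admin [14/Nov/2025:10:00:01 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 200 512',
    '203.0.113.9 - - [14/Nov/2025:10:00:02 +0000] "POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 0',
    '198.51.100.7 - admin [14/Nov/2025:10:00:03 +0000] "GET /api/v2.0/system/status?vdom=root HTTP/1.1" 200 77',
    '203.0.113.9 - - [14/Nov/2025:10:00:04 +0000] "POST /api/v2.0/cmdb/system/admin%3f/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/cgi-bin/fwbcgi HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for line_no, method, path in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {method} {path} -> {normalize_path(path)}")
    for v in ("7.4.3", "8.0.2", "6.4.0"):
        print(v, classify_version(v))
```

Run against a real FortiWeb access log, every hit is a line to pivot on for the post-exploitation indicators the analysis mentions (new administrator accounts, configuration changes), since the traversal request itself is the moment of entry. The scanner decodes before normalizing on purpose: matching the literal `%3f/../` string would miss the same request with different encoding, while canonicalizing first makes the check depend on where the path ends up rather than on how it was spelled.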

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet FortiWeb Path Traversal Vulnerability
Exploit added on
Nov 14, 2025
Exploit action due
Nov 21, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-23

Social media

Hype score
Not currently trending
  1. Fortinet reported two critical flaws in FortiWeb: CVE-2025-64446, a Relative Path Traversal that allows executing commands via HTTP/HTTPS, and the vulnerability CVE-2025-58034. More information: https://t.co/jr8OYpTM9v #PorUnEcuadorCiberseguro @Arcotel_ec @CsirtCEDIA @CsirtEPN

    @EcuCERT_EC

    4 Dec 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. FortiWeb alert: two exploited flaws, path traversal (CVE-2025-64446) and OS command injection (CVE-2025-58034), also affect unsupported 6.x. Silent patching hampered defenders. Thoughts? #FortiWeb_vulnerabilidades_explotadas https://t.co/h16Bx0JYj0

    @CyberDailyPost

    2 Dec 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Fortinet FortiWeb below 8.0.2 was affected by CVE-2025-64446, a critical auth-bypass flaw. Attackers can send crafted HTTP requests to gain admin access, potentially taking full control of the WAF. Update immediately and review admin activity. Read more: https://t.co/LIkdNi7Pjs

    @wazuh

    2 Dec 2025

    306 Impressions

    6 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actor exploiting CVE-2025-64446 (FortiWeb path traversal vulnerability) from AS 4847 🇨🇳 ( China Networks Inter-Exchange ) 0/95 Detections on VT 🟢 Link to event 👇 https://t.co/SXb8esRZFb

    @DefusedCyber

    2 Dec 2025

    1894 Impressions

    6 Retweets

    25 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  5. CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/pUy95Y6eAI https://t.co/nthaJbK2gX

    @IT_Peurico

    28 Nov 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    27 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. 🛡️ FortiWeb just got stronger! Our latest WAF update bolsters protection against authentication bypass vulnerabilities (CVE-2025-64446) & enhances PHP Wrapper Injection detection. Improved coverage & blocking for your sites. 💪 https://t.co/UKpcTgYd1T

    @CFchangelog

    26 Nov 2025

    367 Impressions

    0 Retweets

    10 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Warning: Two critical vulnerabilities in #Fortinet #Fortiweb are actively exploited. CVE-2025-58034 and CVE-2025-64446 can be chained together to achieve remote code execution. Check our updated advisories https://t.co/GboGlwR20Q & https://t.co/Bic3EKtppP #RCE! #Patch #Patch

    @CCBalert

    26 Nov 2025

    210 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 FortiWeb’s Silent Breach Window: A Deep Dive Into #CVE-2025-64446 and the Threat of Admin Impersonation https://t.co/wQNfS2GLjd

    @UndercodeNews

    25 Nov 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Cloudflare has released new WAF rule addressing the following CVE to enhance customer protection. Fortinet FortiWeb - Auth Bypass (CVE-2025-64446) https://t.co/QfKGvYFDrg

    @Cloudforce_One

    24 Nov 2025

    1615 Impressions

    2 Retweets

    11 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  11. A critical @Fortinet FortiWeb auth bypass (CVE-2025-64446) is being actively exploited, giving attackers control of vulnerable devices. @CISAgov has added it to the KEV with a Nov 21 deadline. Learn about the exploit, affected versions, & mitigation steps. https://t.co/rzxDwE

    @CyberPhilipR

    24 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    24 Nov 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. ❗Fortinet FortiWeb zero-day (CVE-2025-64446) being exploited in real time. A zero-day that bypasses administrator authentication through relative path manipulation and allows full takeover of the device has been actively exploited since early October. Based on Criminal IP analysis, 871 FortiWeb instances

    @CriminalIP_KR

    24 Nov 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ❗Fortinet FortiWeb zero-day (CVE-2025-64446) is being exploited in real time❗ A zero-day that bypasses administrator authentication through relative path manipulation and allows full takeover of the device has been actively exploited since early October

    @CriminalIP_JP

    24 Nov 2025

    159 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. 🚨 Fortinet FortiWeb Zero-Day (CVE-2025-64446) Actively Exploited 🚨​ A critical path-traversal authentication bypass flaw is being weaponized in the wild since early October, allowing attackers to skip admin auth and fully compromise vulnerable appliances.​ 🔎 871 C

    @CriminalIP_US

    24 Nov 2025

    189 Impressions

    0 Retweets

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  16. Alert: Metasploit releases exploit module for critical FortiWeb vulnerabilities (CVE-2025-64446 & CVE-2025-58034). Immediate patching to version 8.0.2+ is crucial. Link: https://t.co/Ek87OAERvg #Security #Exploit #Vulnerabilities #Cyber #Patch #Fortinet #Updates #Hacking http

    @dailytechonx

    23 Nov 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 CVE-2025-64446 – FortiWeb Zero-Day Path Traversal RCE CVE-2025-64446 – FortiWeb Zero-Day Path Traversal RCE Fortinet's FortiWeb has a critical zero-day path traversal vulnerability allowing unauthenticated remote code execution. What's brutal: attackers exploit impro

    @the_c_protocol

    23 Nov 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 New #Metasploit module just weaponized two FortiWeb 0-days — CVE-2025-64446 & CVE-2025-58034. Attackers can now go from no auth → full root RCE in seconds. Read More: https://t.co/DgOgJG3nAt #CyberSecurity #Fortinet #Canada #CanadaCyberAwareness https://t.co/oSTL

    @FindSecCyber

    23 Nov 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) https://t.co/qrN5yAvTpW

    @marktsec46065

    23 Nov 2025

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  20. A module for the well-known FortiWeb zero-day vulnerability has been added to Metasploit. It chains CVE-2025-64446 and CVE-2025-58034 to enable remote code execution. It goes by the name exploit/linux/http/fortinet_fortiweb_rce. https://t.co/iQAM1txuQG

    @__kokumoto

    23 Nov 2025

    2474 Impressions

    2 Retweets

    37 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  21. 🚩 Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability https://t.co/X17lv1a5vd CVE-2025-64446 (CVSS 9.1), a path traversal flaw in FortiWeb WAF, allows unauthenticated attackers to execute administrative commands and create admin accounts via crafted

    @Huntio

    22 Nov 2025

    980 Impressions

    4 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  22. exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034) https://t.co/sunlFe4r1S

    @tdatwja

    22 Nov 2025

    189 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🧵 🚨 BREAKING: FortiWeb WAFs under ACTIVE zero-day attack Two critical vulns being exploited in the wild: • CVE-2025-58034 • CVE-2025-64446 (auth bypass) CISA says patch in 7 days. Here's what you need to know 👇 https://t.co/W0C6VVFLHa #CyberSecurity #ZeroDa https:/

    @nxtgen579255

    22 Nov 2025

    2 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Vulnerability in Fortinet FortiWeb (14 November 2025) — A vulnerability has been discovered in Fortinet FortiWeb. It allows an attacker to bypass the security policy. Fortinet states that the vulnerability CVE-2025-64446 is active

    @RotateKeys

    22 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    22 Nov 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. We now have a (draft) @metasploit exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: https://t.co/Xh15JybxsC https://t.co/n7sMp6qCJU

    @stephenfewer

    21 Nov 2025

    12194 Impressions

    50 Retweets

    209 Likes

    69 Bookmarks

    2 Replies

    1 Quote

  27. 🚨 Fortinet FortiWeb Exploitation Alert 🚨 Threat actors are abusing a critical auth-bypass flaw (CVE-2025-64446) to gain admin access, create rogue accounts, alter configs & wipe logs. Check IoCs + mitigation steps in our full advisory 👇 📄 https://t.co/TN316Ffimo

    @sequretek_sqtk

    21 Nov 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    21 Nov 2025

    30 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  29. 🚨 A new FortiWeb vulnerability, CVE-2025-58034, has emerged just days after the previous Fortinet disclosure and is already being exploited in the wild. While medium in severity, early signals suggest it may be chained with CVE-2025-64446, though no official confirmation has h

    @censysio

    20 Nov 2025

    5409 Impressions

    15 Retweets

    58 Likes

    19 Bookmarks

    0 Replies

    2 Quotes

  30. 🚨 Fortinet FortiWeb Security Advisory — Nov 20, 2025 Comprehensive analysis of recent vulnerabilities affecting Fortinet FortiWeb Web Application Firewall, including CVE-2025-64446 and CVE-2025-58034. Checkout our Threat Intelligence Platform:... https://t.co/vX12nHWhJj

    @transilienceai

    20 Nov 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨Critical Fortinet FortiWeb Zero-Day (CVE-2025-64446) exploited in the wild! Remote command execution through path traversal attacks. No patch yet — lock down your FortiWeb devices NOW. Monitor updates! 🔗https://t.co/brvzTj2JO6 #Fortinet #Cybersecurity https://t.co/eaKg

    @rapidriskradar

    20 Nov 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 CISA confirms active exploitation of a serious vulnerability in Fortinet FortiWeb (CVE-2025-64446). Thousands of systems are at risk and attackers are already taking advantage of this flaw to take control of devices. Are you protected? ✅ Don't ignore it! https://t.co

    @M4nticonsuling

    19 Nov 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨We are warning of an actively exploited vulnerability in Fortinet FortiWeb, CVE-2025-64446. The vulnerability is caused by path confusion/traversal in the FortiWeb GUI component. Attackers can send specially crafted HTTP/HTTPS POST requests to manipulated pa

    @GOVCERT_CZ

    19 Nov 2025

    365 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  34. #AlertaDeSeguridad ⚠️ Active exploitation of the vulnerability CVE-2025-64446 in FortiWeb is confirmed.🚫 This critical flaw allows attackers to bypass authentication and gain control of the WAF on unpatched versions. Read the #ColCERT analysis 🔗 h

    @colCERT

    19 Nov 2025

    537 Impressions

    8 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Fortinet: exploitation of FortiWeb vulnerability is serious… "Signs of compromise worldwide" CVE-2025-64446 emergency alert… CISA orders US federal agencies to patch within one week https://t.co/SZLGc2allr

    @rokmc_sns

    18 Nov 2025

    28 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. New #Tenable #Security Research Blog: CVE-2025-64446: #Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/lgDBL6wHd3 https://t.co/X6X5ezQN7X

    @pcasano

    18 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 A Critical Vulnerability exists in Fortinet FortiWeb (CVE-2025-64446). Please see the @ncsc_gov_ie advisory for more information: https://t.co/OVHLLW3YiS

    @ncsc_gov_ie

    18 Nov 2025

    275 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. A critical Fortinet FortiWeb vulnerability capable of remote code execution has been exploited in the wild. Fortinet on Nov. 14 disclosed CVE-2025-64446, a vulnerability in its Web application firewall (WAF) product FortiWeb. https://t.co/MlJIbIi9KH

    @Guardian360nl

    18 Nov 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. 🚨 Critical alert on #FortiWeb (CVE-2025-64446, CVSS 9.1). It allows UNAUTHENTICATED attackers to evade controls and compromise the entire device. The @CompuNet BlueTeam is already assisting with mitigation. 📩 soporte@compunetgroup.net #Ciberseguridad #Fortinet https://t.

    @CompunetChile

    18 Nov 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. ⚠️FortiWeb CVE-2025-64446 post-exploit activity An actor seen exploiting the vulnerability is now actively fetching a path for retrieving backup configs These backups can contain credentials / secrets - this may be a persistence mechanism. 38.60.203.31 🇭🇰 (Kaopu Cl

    @DefusedCyber

    18 Nov 2025

    11082 Impressions

    17 Retweets

    59 Likes

    24 Bookmarks

    3 Replies

    1 Quote

  41. FortiWeb CVE-2025-64446 was added to the CISA KEV—active exploitation confirmed. Patch and check logs ASAP. CISA KEV: https://t.co/gGIKlNqQEP Fortinet PSIRT: https://t.co/t8AUf7E3Z5

    @InfosecDotWatch

    18 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/477gjADqK8 https://t.co/sWqVSWvzs6

    @secured_cyber

    18 Nov 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. https://t.co/AwHsv4nmJK CVE-2025-64446: FortiWeb Zero-Day Under Active Exploitation. The CrowdSec Network has detected active exploitation of CVE-2025-64446, a path-traversal vulnerability in Fortinet FortiWeb. https://t.co/oXLm6VQ2lK

    @FarVisionNetwks

    18 Nov 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. #Fortinet: Critical vulnerability in Fortinet FortiWeb (CVE-2025-64446), is under active exploitation - CISA adds it to KEV catalog: https://t.co/2a6TpK2iTd

    @securestep9

    18 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. A critical security vulnerability (CVE-2025-64446) was identified in Fortinet FortiWeb and immediately came under attack. The versions affected by this flaw must be updated urgently. So, how do you track security vulnerabilities? #güvenlik_açığı ht

    @Siber_Kalkan_

    18 Nov 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🚨 In this week's Threat Alert, CrowdSec has detected active exploitation of CVE-2025-64446, a high-severity path traversal vulnerability in Fortinet FortiWeb. Attackers can bypass authentication and target your WAF, putting sensitive systems at risk. Read the full analysis an

    @Crowd_Security

    18 Nov 2025

    244 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 @CISACyber gives agencies just 7 days to patch an actively exploited @Fortinet bug (CVE-2025-64446). • Critical 9.1 score • Exploit seen in the wild • Admin-level access possible • Reports of a zero-day being sold on forums • Hundreds of exposed devices spotted onl

    @TechNadu

    18 Nov 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. A critical vulnerability in FortiWeb (CVE-2025-64446) has been disclosed that allows administrator-level access without authentication, and Fortinet confirms it is already being exploited in the wild. https://t.co/lotu2KXDdT

    @ITMANIATV

    18 Nov 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  49. 🚨 Fortinet FortiWeb Product Security Advisory — Nov 18, 2025 Comprehensive analysis of CVE-2025-64446 and its impact on Fortinet FortiWeb, including affected versions, exploitation details, and mitigation strategies. Checkout our Threat Intelligence Platform:... https://t.

    @transilienceai

    18 Nov 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. ✨ FortiWeb admins, CVE-2025-64446 just gate crashed the party- hackers are already sipping champagne inside your network. Slay the flaw: patch to 8.0.2 NOW or ghost HTTP/HTTPS until you’re red-carpet ready. Flawless security is the ultimate glow-up.🎯 @ammarjafri @mansaba

    @ByteCheck101

    18 Nov 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations