CVE-2025-64446

Published Nov 14, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-64446 is a relative path traversal vulnerability affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It can be exploited by sending crafted HTTP or HTTPS requests. This vulnerability allows remote, unauthenticated attackers to gain administrative access to the web application firewall appliances. Specifically, the vulnerability can be exploited by sending an HTTP POST request to `/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi` with a payload designed to create an administrative account. Successful exploitation allows an attacker with no prior access to gain administrator-level access to the FortiWeb Manager panel and websocket command-line interface.

Description
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Source
psirt@fortinet.com
NVD status
Analyzed
Products
fortiweb

Insights

Analysis from the Intruder Security Team
Published Nov 14, 2025 Updated Nov 16, 2025

This exploit was picked up by Defused as early as October 2nd, when it was thought to be a variant of CVE-2022-40684. Fortinet has since confirmed that it is a new vulnerability and has assigned it this CVE. The exploit combines two weaknesses: a path traversal that reaches the fwbcgi CGI binary from an API path (/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi), and an authentication bypass through the client-supplied CGIINFO cookie, which fwbcgi accepts as the caller's identity.
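As an added example (not code from Fortinet, Intruder or watchTowr), the following Python script shows how the request pattern described in the AI description above and in the preceding paragraph can be hunted for in web-server access logs. It assumes a combined-log-style format with the Cookie header appended as a final quoted field; the sample lines, addresses, timestamps and cookie value are constructed. The attempt to decode CGIINFO as base64-encoded JSON is an assumption made for analyst convenience and is not stated on this page; the indicator fires on the cookie's presence alone.

```python
import base64
import json
import posixpath
import re
from urllib.parse import unquote

# Combined-log-style line with the Cookie header appended as a final quoted
# field. This is a constructed format for the example, not FortiWeb's own log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookies>[^"]*)"$'
)

FWBCGI = "/cgi-bin/fwbcgi"


def resolve_path(target: str) -> str:
    """Percent-decode the request target and collapse '.' and '..' segments.

    The exploit URL encodes '?' as %3f so that the traversal segments remain
    part of the path; decoding first and normalising afterwards reproduces
    what a dispatcher that resolves dot segments on the decoded path sees.
    """
    return posixpath.normpath(unquote(target))


def parse_cookies(field: str) -> dict:
    """Split a 'k=v; k2=v2' cookie field; '-' or empty yields {}."""
    cookies = {}
    for part in field.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def decode_cgiinfo(value: str):
    """Best-effort decode of a CGIINFO cookie value.

    Assumption for this example only: the value is base64-encoded JSON.
    Anything else yields None; the indicator is raised on presence alone.
    """
    try:
        padded = value + "=" * (-len(value) % 4)
        return json.loads(base64.b64decode(padded))
    except ValueError:  # binascii.Error and JSONDecodeError are ValueErrors
        return None


def analyse_line(line: str):
    """Parse one log line and return a dict with the indicators it triggers,
    or None if the line does not match the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    decoded = unquote(target)
    resolved = resolve_path(target)
    cookies = parse_cookies(m.group("cookies"))
    indicators = []
    # Core signature: the resolved path lands on fwbcgi although the raw target
    # did not start there, i.e. '..' segments walked out of the /api/ tree.
    if resolved == FWBCGI and not decoded.startswith(FWBCGI):
        indicators.append("traversal_to_fwbcgi")
    # Secondary signature: an encoded '?' followed by dot segments.
    if "%3f" in target.lower() and ".." in decoded:
        indicators.append("encoded_qmark_with_dotdot")
    if "CGIINFO" in cookies:
        indicators.append("cgiinfo_cookie")
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "target": target,
        "resolved": resolved,
        "status": int(m.group("status")),
        "cgiinfo": decode_cgiinfo(cookies["CGIINFO"]) if "CGIINFO" in cookies else None,
        "indicators": indicators,
    }


def scan(lines):
    """Return the parsed entries that carry at least one indicator."""
    hits = []
    for line in lines:
        entry = analyse_line(line)
        if entry and entry["indicators"]:
            hits.append(entry)
    return hits


# Constructed sample log; addresses, timestamps and the cookie value are made up.
_FAKE_CGIINFO = base64.b64encode(b'{"username":"admin","loginname":"admin"}').decode()
SAMPLE_LOG = [
    '203.0.113.9 - - [14/Nov/2025:10:14:03 +0000] "POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 512 "-" "python-requests/2.32" "CGIINFO=' + _FAKE_CGIINFO + '"',
    '198.51.100.4 - - [14/Nov/2025:10:15:40 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 401 0 "-" "Mozilla/5.0" "-"',
    '198.51.100.4 - - [14/Nov/2025:10:16:02 +0000] "POST /cgi-bin/fwbcgi HTTP/1.1" 200 128 "https://waf.example/" "Mozilla/5.0" "session=abc123"',
    '203.0.113.9 - - [14/Nov/2025:10:17:11 +0000] "POST /api/v2.0/cmdb/system/admin%3F/..%2f..%2f..%2f..%2f..%2fcgi-bin/fwbcgi HTTP/1.1" 200 512 "-" "curl/8.4" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["method"], hit["resolved"], hit["indicators"], hit["cgiinfo"])
```

The important step is resolving dot segments on the percent-decoded target before comparing it, which is the same normalisation a proxy or WAF rule has to perform: a rule that matches only the literal string `/api/v2.0/cmdb/system/admin%3f/` misses the `%2f`-encoded variant in the fourth sample line, while the legitimate direct request to `/cgi-bin/fwbcgi` in the third line is not flagged.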

Fortinet offers little detail in its disclosure, and at the time of writing there was no public patching information, as watchTowr's write-up notes. Fixed builds are the next release of each affected branch (8.0.2, 7.6.5, 7.4.10, 7.2.12 and 7.0.12); Fortinet's interim workaround is to disable HTTP/HTTPS on internet-facing management interfaces until the upgrade is applied. The infosec community has collated a set of IOCs. Because this vulnerability has been actively exploited to create new administrative users, any FortiWeb instance that exposed its web GUI to the internet before patching should be treated as compromised: review the admin account list, configuration and logs for unexpected changes rather than simply upgrading.

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet FortiWeb Path Traversal Vulnerability
Exploit added on
Nov 14, 2025
Exploit action due
Nov 21, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-23

Social media

Hype score
Not currently trending
  1. ⚠️ We are observing elevated Fortinet exploit activity from various TOR exit nodes. The exploit traffic is a mix of recent exploits like CVE-2025-64446 and credential stuffing attempts using legitimate-looking credentials. Associated IP addresses: 199.195.253.180, 204.8.96.179

    @DefusedCyber

    2 Jan 2026

    4048 Impressions

    7 Retweets

    35 Likes

    12 Bookmarks

    2 Replies

    2 Quotes

  2. 🔔 Update: Fortinet has assigned CVE-2025-64446 (CVSS 9.1) — a path traversal flaw letting attackers run admin commands via crafted HTTP/S requests. CISA added it to KEV — deadline: Nov 21. Exploited in the wild. https://t.co/eif7UQsvBk

    @CarterJames6660

    22 Dec 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Fortinet reported two critical flaws in FortiWeb: CVE-2025-64446, a Relative Path Traversal that allows command execution via HTTP/HTTPS, and the vulnerability CVE-2025-58034. More information: https://t.co/jr8OYpTM9v #PorUnEcuadorCiberseguro @Arcotel_ec @CsirtCEDIA @CsirtEPN

    @EcuCERT_EC

    4 Dec 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. FortiWeb alert: two exploited flaws, path traversal (CVE-2025-64446) and OS command injection (CVE-2025-58034), also affect unsupported 6.x. Silent patching hampered defenders. Thoughts? #FortiWeb_vulnerabilidades_explotadas https://t.co/h16Bx0JYj0

    @CyberDailyPost

    2 Dec 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Fortinet FortiWeb below 8.0.2 was affected by CVE-2025-64446, a critical auth-bypass flaw. Attackers can send crafted HTTP requests to gain admin access, potentially taking full control of the WAF. Update immediately and review admin activity. Read more: https://t.co/LIkdNi7Pjs

    @wazuh

    2 Dec 2025

    306 Impressions

    6 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actor exploiting CVE-2025-64446 (FortiWeb path traversal vulnerability) from AS 4847 🇨🇳 (China Networks Inter-Exchange). 0/95 detections on VT 🟢 Link to event 👇 https://t.co/SXb8esRZFb

    @DefusedCyber

    2 Dec 2025

    1894 Impressions

    6 Retweets

    25 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  7. CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/pUy95Y6eAI https://t.co/nthaJbK2gX

    @IT_Peurico

    28 Nov 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    27 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 🛡️ FortiWeb just got stronger! Our latest WAF update bolsters protection against authentication bypass vulnerabilities (CVE-2025-64446) & enhances PHP Wrapper Injection detection. Improved coverage & blocking for your sites. 💪 https://t.co/UKpcTgYd1T

    @CFchangelog

    26 Nov 2025

    367 Impressions

    0 Retweets

    10 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Warning: Two critical vulnerabilities in #Fortinet #Fortiweb are actively exploited. CVE-2025-58034 and CVE-2025-64446 can be chained together to achieve remote code execution. Check our updated advisories https://t.co/GboGlwR20Q & https://t.co/Bic3EKtppP #RCE! #Patch #Patch

    @CCBalert

    26 Nov 2025

    210 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 FortiWeb’s Silent Breach Window: A Deep Dive Into #CVE-2025-64446 and the Threat of Admin Impersonation https://t.co/wQNfS2GLjd

    @UndercodeNews

    25 Nov 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Cloudflare has released new WAF rule addressing the following CVE to enhance customer protection. Fortinet FortiWeb - Auth Bypass (CVE-2025-64446) https://t.co/QfKGvYFDrg

    @Cloudforce_One

    24 Nov 2025

    1615 Impressions

    2 Retweets

    11 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  13. A critical @Fortinet FortiWeb auth bypass (CVE-2025-64446) is being actively exploited, giving attackers control of vulnerable devices. @CISAgov has added it to the KEV with a Nov 21 deadline. Learn about the exploit, affected versions, & mitigation steps. https://t.co/rzxDwE

    @CyberPhilipR

    24 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    24 Nov 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. ❗ Fortinet FortiWeb zero-day (CVE-2025-64446) being exploited in real time. A zero-day that bypasses administrator authentication via relative path manipulation and allows complete takeover of the device has been actively exploited since early October. According to Criminal IP analysis, 871 FortiWeb instances

    @CriminalIP_KR

    24 Nov 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. ❗ Fortinet FortiWeb zero-day (CVE-2025-64446) is being exploited in real time ❗ A zero-day that bypasses administrator authentication via relative path manipulation and allows full control of the device has been actively exploited since early October.

    @CriminalIP_JP

    24 Nov 2025

    159 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  17. 🚨 Fortinet FortiWeb Zero-Day (CVE-2025-64446) Actively Exploited 🚨​ A critical path-traversal authentication bypass flaw is being weaponized in the wild since early October, allowing attackers to skip admin auth and fully compromise vulnerable appliances.​ 🔎 871 C

    @CriminalIP_US

    24 Nov 2025

    189 Impressions

    0 Retweets

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  18. Alert: Metasploit releases exploit module for critical FortiWeb vulnerabilities (CVE-2025-64446 & CVE-2025-58034). Immediate patching to version 8.0.2+ is crucial. Link: https://t.co/Ek87OAERvg #Security #Exploit #Vulnerabilities #Cyber #Patch #Fortinet #Updates #Hacking http

    @dailytechonx

    23 Nov 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 CVE-2025-64446 – FortiWeb Zero-Day Path Traversal RCE CVE-2025-64446 – FortiWeb Zero-Day Path Traversal RCE Fortinet's FortiWeb has a critical zero-day path traversal vulnerability allowing unauthenticated remote code execution. What's brutal: attackers exploit impro

    @the_c_protocol

    23 Nov 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 New #Metasploit module just weaponized two FortiWeb 0-days — CVE-2025-64446 & CVE-2025-58034. Attackers can now go from no auth → full root RCE in seconds. Read More: https://t.co/DgOgJG3nAt #CyberSecurity #Fortinet #Canada #CanadaCyberAwareness https://t.co/oSTL

    @FindSecCyber

    23 Nov 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) https://t.co/qrN5yAvTpW

    @marktsec46065

    23 Nov 2025

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  22. A module for that FortiWeb zero-day vulnerability has been added to Metasploit. It chains CVE-2025-64446 and CVE-2025-58034 to enable remote code execution, under the name exploit/linux/http/fortinet_fortiweb_rce. https://t.co/iQAM1txuQG

    @__kokumoto

    23 Nov 2025

    2474 Impressions

    2 Retweets

    37 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  23. 🚩 Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability https://t.co/X17lv1a5vd CVE-2025-64446 (CVSS 9.1), a path traversal flaw in FortiWeb WAF, allows unauthenticated attackers to execute administrative commands and create admin accounts via crafted

    @Huntio

    22 Nov 2025

    980 Impressions

    4 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  24. exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034) https://t.co/sunlFe4r1S

    @tdatwja

    22 Nov 2025

    189 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🧵 🚨 BREAKING: FortiWeb WAFs under ACTIVE zero-day attack Two critical vulns being exploited in the wild: • CVE-2025-58034 • CVE-2025-64446 (auth bypass) CISA says patch in 7 days. Here's what you need to know 👇 https://t.co/W0C6VVFLHa #CyberSecurity #ZeroDa https:/

    @nxtgen579255

    22 Nov 2025

    2 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Vulnerability in Fortinet FortiWeb (14 November 2025): A vulnerability has been discovered in Fortinet FortiWeb. It allows an attacker to bypass the security policy. Fortinet indicates that vulnerability CVE-2025-64446 is active

    @RotateKeys

    22 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    22 Nov 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. We now have a (draft) @metasploit exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: https://t.co/Xh15JybxsC https://t.co/n7sMp6qCJU

    @stephenfewer

    21 Nov 2025

    12194 Impressions

    50 Retweets

    209 Likes

    69 Bookmarks

    2 Replies

    1 Quote

  29. 🚨 Fortinet FortiWeb Exploitation Alert 🚨 Threat actors are abusing a critical auth-bypass flaw (CVE-2025-64446) to gain admin access, create rogue accounts, alter configs & wipe logs. Check IoCs + mitigation steps in our full advisory 👇 📄 https://t.co/TN316Ffimo

    @sequretek_sqtk

    21 Nov 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Actively exploited CVE : CVE-2025-64446

    @transilienceai

    21 Nov 2025

    30 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  31. 🚨 A new FortiWeb vulnerability, CVE-2025-58034, has emerged just days after the previous Fortinet disclosure and is already being exploited in the wild. While medium in severity, early signals suggest it may be chained with CVE-2025-64446, though no official confirmation has h

    @censysio

    20 Nov 2025

    5409 Impressions

    15 Retweets

    58 Likes

    19 Bookmarks

    0 Replies

    2 Quotes

  32. 🚨 Fortinet FortiWeb Security Advisory [—] Nov 20, 2025 Comprehensive analysis of recent vulnerabilities affecting Fortinet FortiWeb Web Application Firewall, including CVE-2025-64446 and CVE-2025-58034. Checkout our Threat Intelligence Platform:... https://t.co/vX12nHWhJj

    @transilienceai

    20 Nov 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨Critical Fortinet FortiWeb Zero-Day (CVE-2025-64446) exploited in the wild! Remote command execution through path traversal attacks. No patch yet — lock down your FortiWeb devices NOW. Monitor updates! 🔗https://t.co/brvzTj2JO6 #Fortinet #Cybersecurity https://t.co/eaKg

    @rapidriskradar

    20 Nov 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 CISA confirms active exploitation of a serious vulnerability in Fortinet FortiWeb (CVE-2025-64446). Thousands of systems are at risk and attackers are already taking advantage of this flaw to take control of devices. Are you protected? ✅ Don't ignore it! https://t.co

    @M4nticonsuling

    19 Nov 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨 We are warning of an actively exploited vulnerability in Fortinet FortiWeb, CVE-2025-64446. The vulnerability is caused by path confusion/traversal in the FortiWeb GUI component. Attackers can send specially crafted HTTP/HTTPS POST requests to manipulated paths

    @GOVCERT_CZ

    19 Nov 2025

    365 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  36. #AlertaDeSeguridad ⚠️ Active exploitation of the vulnerability CVE-2025-64446 in FortiWeb has been confirmed. 🚫 This critical flaw allows attackers to bypass authentication and gain control of the WAF on unpatched versions. Read the #ColCERT analysis 🔗 h

    @colCERT

    19 Nov 2025

    537 Impressions

    8 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Fortinet: serious exploitation of FortiWeb vulnerability, "risk of compromise worldwide". Emergency alert for CVE-2025-64446; CISA orders US federal agencies to patch within one week. https://t.co/SZLGc2allr

    @rokmc_sns

    18 Nov 2025

    28 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. New #Tenable #Security Research Blog: CVE-2025-64446: #Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/lgDBL6wHd3 https://t.co/X6X5ezQN7X

    @pcasano

    18 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 A Critical Vulnerability exists in Fortinet FortiWeb (CVE-2025-64446). Please see the @ncsc_gov_ie advisory for more information: https://t.co/OVHLLW3YiS

    @ncsc_gov_ie

    18 Nov 2025

    275 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. A critical Fortinet FortiWeb vulnerability capable of remote code execution has been exploited in the wild. Fortinet on Nov. 14 disclosed CVE-2025-64446, a vulnerability in its Web application firewall (WAF) product FortiWeb. https://t.co/MlJIbIi9KH

    @Guardian360nl

    18 Nov 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. 🚨 Critical alert in #FortiWeb (CVE-2025-64446, CVSS 9.1). It allows unauthenticated attackers to evade controls and compromise the entire device. The @CompuNet BlueTeam is already assisting with mitigation. 📩 soporte@compunetgroup.net #Ciberseguridad #Fortinet https://t.

    @CompunetChile

    18 Nov 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. ⚠️ FortiWeb CVE-2025-64446 post-exploit activity: An actor seen exploiting the vulnerability is now actively fetching a path for retrieving backup configs. These backups can contain credentials / secrets; this may be a persistence mechanism. 38.60.203.31 🇭🇰 (Kaopu Cl

    @DefusedCyber

    18 Nov 2025

    11082 Impressions

    17 Retweets

    59 Likes

    24 Bookmarks

    3 Replies

    1 Quote

  43. FortiWeb CVE-2025-64446 was added to the CISA KEV—active exploitation confirmed. Patch and check logs ASAP. CISA KEV: https://t.co/gGIKlNqQEP Fortinet PSIRT: https://t.co/t8AUf7E3Z5

    @InfosecDotWatch

    18 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild https://t.co/477gjADqK8 https://t.co/sWqVSWvzs6

    @secured_cyber

    18 Nov 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. https://t.co/AwHsv4nmJK CVE-2025-64446: FortiWeb Zero-Day Under Active Exploitation. The CrowdSec Network has detected active exploitation of CVE-2025-64446, a path-traversal vulnerability in Fortinet FortiWeb. https://t.co/oXLm6VQ2lK

    @FarVisionNetwks

    18 Nov 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. #Fortinet: Critical vulnerability in Fortinet FortiWeb (CVE-2025-64446), is under active exploitation - CISA adds it to KEV catalog: https://t.co/2a6TpK2iTd

    @securestep9

    18 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. A critical security vulnerability (CVE-2025-64446) was identified in Fortinet FortiWeb and immediately came under attack. Affected versions must be updated urgently. So, how do you track security vulnerabilities? #güvenlik_açığı ht

    @Siber_Kalkan_

    18 Nov 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 In this week's Threat Alert, CrowdSec has detected active exploitation of CVE-2025-64446, a high-severity path traversal vulnerability in Fortinet FortiWeb. Attackers can bypass authentication and target your WAF, putting sensitive systems at risk. Read the full analysis an

    @Crowd_Security

    18 Nov 2025

    244 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 @CISACyber gives agencies just 7 days to patch an actively exploited @Fortinet bug (CVE-2025-64446). • Critical 9.1 score • Exploit seen in the wild • Admin-level access possible • Reports of a zero-day being sold on forums • Hundreds of exposed devices spotted onl

    @TechNadu

    18 Nov 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. A critical vulnerability has been disclosed in FortiWeb (CVE-2025-64446) that allows administrator-level access without authentication, and Fortinet confirms that it is already being exploited in the wild. https://t.co/lotu2KXDdT

    @ITMANIATV

    18 Nov 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations