CVE-2025-64446

Published Nov 14, 2025


Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-64446 is a relative path traversal vulnerability affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It can be exploited by sending crafted HTTP or HTTPS requests. This vulnerability allows remote, unauthenticated attackers to gain administrative access to the web application firewall appliances. Specifically, the vulnerability can be exploited by sending an HTTP POST request to `/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi` with a payload designed to create an administrative account. Successful exploitation allows an attacker with no prior access to gain administrator-level access to the FortiWeb Manager panel and websocket command-line interface.

Description
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
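The affected ranges above are inclusive and span five release branches, which makes a hand check against a fleet inventory error-prone. The following is an added example (not code from the page, Fortinet, or NVD) that encodes those ranges and triages a constructed `{host: version}` inventory. The version-string formats it tolerates (a leading `v`, a trailing `,buildNNNN` suffix) and the hostnames are assumptions; the page lists no fixed builds, so anything outside the ranges is reported as "not in a listed range" rather than "fixed".

```python
import re

# Affected version ranges exactly as stated in the advisory text above
# (inclusive on both ends). The page does not list fixed builds, so a
# version outside these ranges is "not listed", which is not proof it is safe.
AFFECTED_RANGES = [
    ((8, 0, 0), (8, 0, 1)),
    ((7, 6, 0), (7, 6, 4)),
    ((7, 4, 0), (7, 4, 9)),
    ((7, 2, 0), (7, 2, 11)),
    ((7, 0, 0), (7, 0, 11)),
]

# Assumed format: 'major.minor.patch' prefix, optional leading 'v',
# anything after the patch number (e.g. ',build1234') ignored.
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Return (major, minor, patch) as ints, or raise ValueError."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the version falls inside any listed affected range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: dict) -> dict:
    """Map host -> verdict for a {host: version_string} inventory."""
    verdicts = {}
    for host, version in inventory.items():
        try:
            verdicts[host] = "affected" if is_affected(version) else "not in a listed range"
        except ValueError:
            verdicts[host] = "unparseable"
    return verdicts


# Constructed inventory for demonstration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "waf-edge-01": "7.6.4",
    "waf-edge-02": "v7.4.9,build1234",
    "waf-lab-01": "8.0.2",
    "waf-old-01": "6.4.3",
    "waf-unknown": "n/a",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {verdict}")
```

Tuple comparison keeps the branch logic correct: `7.3.0` is neither in the 7.2.x nor the 7.4.x range, and `8.0.2` is above the 8.0.x upper bound. Treat "not in a listed range" for an old branch such as 6.x as "check the vendor advisory", not as clearance.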
Source
psirt@fortinet.com
NVD status
Analyzed
Products
fortiweb

Insights

Analysis from the Intruder Security Team
Published Nov 14, 2025 Updated Nov 14, 2025

This exploit was picked up by Defused as early as October 20th, where it was thought to be a variant of CVE-2022-40684. However, Fortinet have confirmed that this is a new vulnerability and have assigned this CVE to the vulnerability. This vulnerability takes advantage of both a path traversal (/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi) and an auth bypass via the cookie CGIINFO.

Fortinet offer little information within their disclosure, and until today there was no patching information, as mentioned within watchTowr's article. The infosec community has collated some IOCs, which can be found here. This vulnerability has been actively exploited to create a new administrative user; any instances of FortiWeb that have exposed the web GUI to the internet should be considered compromised.
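The traversal string quoted above only reaches `/cgi-bin/fwbcgi` once the encoded `%3f` is decoded and the `..` segments are resolved, so a log search for the literal string misses trivially re-encoded variants while a search for `..` alone over-flags legitimate API paths. The following is an added example (not code from the page, Intruder, or Fortinet) that normalises request targets the way a backend would (bounded percent-decoding, then dot-segment removal) and flags requests to an `/api/` path that resolve to `fwbcgi` or escape the API prefix. The combined-log layout and the four sample lines are constructed for the demonstration and are not real FortiWeb logs.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real FortiWeb logs) in a generic
# combined-log layout: client, timestamp, request line, status, bytes.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Oct/2025:09:12:01 +0000] "POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 512
203.0.113.10 - - [20/Oct/2025:09:12:02 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 401 0
198.51.100.7 - - [20/Oct/2025:09:15:44 +0000] "GET /api/v2.0/../v2.0/system/status?x=1 HTTP/1.1" 200 300
192.0.2.44 - - [20/Oct/2025:10:00:00 +0000] "GET /login HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so an encoded '?' or '/' cannot
    hide a traversal from the check. Stops when decoding changes nothing."""
    cur = raw
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def resolve_dot_segments(path: str) -> str:
    """RFC 3986-style dot-segment removal; a '..' at the root is dropped
    rather than raising, mirroring what most path resolvers do."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)


def classify_request(target: str) -> list:
    """Return the reasons a request target matches the CVE-2025-64446
    traversal pattern; an empty list means no finding."""
    raw_path = target.split("?", 1)[0]   # a literal '?' starts the query string
    decoded = decode_path(raw_path)      # an encoded %3f survives into the path
    resolved = resolve_dot_segments(decoded)
    reasons = []
    if raw_path.startswith("/api/") and resolved.endswith("/cgi-bin/fwbcgi"):
        reasons.append("traversal-to-fwbcgi")
    if raw_path.startswith("/api/") and not resolved.startswith("/api/"):
        reasons.append("escapes-api-prefix")
    if "?" in decoded:
        reasons.append("encoded-query-delimiter-in-path")
    return reasons


def scan_log(text: str) -> list:
    """Parse each log line and return a dict for every line that matches."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_request(m["target"])
        if reasons:
            raw_path = m["target"].split("?", 1)[0]
            hits.append({
                "ip": m["ip"],
                "method": m["method"],
                "status": m["status"],
                "target": m["target"],
                "resolved": resolve_dot_segments(decode_path(raw_path)),
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The third sample line contains a `..` but resolves to `/api/v2.0/system/status`, so it is not flagged; the first line is flagged on all three signals. Any hit, regardless of response status, belongs with the IOC review the analysis above recommends, since the request alone shows the appliance was probed.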

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet FortiWeb Path Traversal Vulnerability
Exploit added on
Nov 14, 2025
Exploit action due
Nov 21, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-23

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

31

  1. A critical @Fortinet FortiWeb auth bypass (CVE-2025-64446) is being actively exploited, giving attackers control of vulnerable devices. @CISAgov has added it to the KEV with a Nov 21 deadline. Learn about the exploit, affected versions, & mitigation steps: https://t.co/hAPvlI

    @qualys

    15 Nov 2025

    176 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Fortinet fixes FortiWeb zero-day CVE-2025-64446 under mass exploitation https://t.co/h2pc7Q61Io #Security #セキュリティー #ニュース

    @SecureShield_

    14 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-64446 - Root cause and exploit for FortiWeb Unauthenticated RCE via Path Traversal and CGI Auth Bypass #Pruva reproduction for the fortiweb unauth RCE Report: https://t.co/8RrWZkyq3o Advs: https://t.co/nP5Tz98IA3 https://t.co/qNmnxSK86J

    @N3mes1s

    14 Nov 2025

    171 Impressions

    2 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨Fortinet FortiWeb Unauthenticated Access Vulnerability (CVE-2025-64446)🚨 A critical unauthenticated access vulnerability in Fortinet’s FortiWeb WAF is being actively exploited and has recently been assigned a CVE. Attackers can create admin accounts and gain full https:

    @censysio

    14 Nov 2025

    4802 Impressions

    10 Retweets

    34 Likes

    12 Bookmarks

    0 Replies

    2 Quotes

  5. Malicious cyber actors are exploiting a newly disclosed Fortinet FortiWeb path traversal vulnerability, CVE-2025-64446. We urge organizations to implement Fortinet’s guidance immediately by applying upgrades or disabling HTTP/HTTPS services. Learn more 👉 https://t.co/GSY4BgT

    @CISACyber

    14 Nov 2025

    6095 Impressions

    27 Retweets

    70 Likes

    13 Bookmarks

    1 Reply

    1 Quote

  6. 🚨 CVE-2025-64446 - critical 🚨 FortiWeb - Authentication Bypass > A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, For... 👾 https://t.co/Db8mc0Cu6W @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    14 Nov 2025

    27 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 A previously unknown Fortinet FortiWeb vulnerability — now tracked as CVE-2025-64446 — has been under active exploitation since at least October. Today, Fortinet officially confirmed the flaw, issued an advisory with affected and patched versions, and shortly after, it w

    @Horizon3ai

    14 Nov 2025

    103 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. csirt_it: ‼️ #Exploited #Fortinet: active exploitation detected of the 0-day vulnerability CVE-2025-64446 of type Authentication Bypass Risk: 🔴 Type 🔸 Authentication Bypass 🔗 https://t.co/hzeaDXTbnN ⚠️ Mitigations available https://t.co/uYGhE6ZaX

    @Vulcanux_

    14 Nov 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ‼️ #Exploited #Fortinet: active exploitation detected of the 0-day vulnerability CVE-2025-64446 of type Authentication Bypass Risk: 🔴 Type 🔸 Authentication Bypass 🔗 https://t.co/wTmTVuvfor ⚠️ Mitigations available https://t.co/3J2C8vJIAR

    @csirt_it

    14 Nov 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 On 10/6/25, an exploit was published around a new vuln that allows an attacker to gain admin-level access to the #Fortinet FortiWeb Manager panel & websocket CLI. Today, 11/14, Fortinet PSIRT published CVE-2025-64446 and an official advisory. Read on: https://t.co/6J

    @rapid7

    14 Nov 2025

    1032 Impressions

    3 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  11. Added to KEV, caution advised --- Path confusion vulnerability in GUI | FortiGuard → https://t.co/pBX82IaqcF Severity Critical CVSSv3 9.1 CISA Adds One Known Exploited Vulnerability to Catalog | CISA → https://t.co/2TQIs6lIrF CVE-2025-64446 Fortinet FortiWeb Path Traversal Vulnera

    @ripjyr

    14 Nov 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. We added Fortinet FortiWeb path traversal vulnerability CVE-2025-64446 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/okZl7pm6Jj

    @CISACyber

    14 Nov 2025

    6970 Impressions

    21 Retweets

    42 Likes

    7 Bookmarks

    3 Replies

    1 Quote

  13. Active FortiWeb exploitation has been well-covered already by @DefusedCyber, @CERTCyberdef, @watchtowrcyber, @cyb3rops, and more. But the big question is why on earth CVE-2025-64446 was silently patched to begin with. https://t.co/S1qCBcEVJE

    @catc0n

    14 Nov 2025

    2466 Impressions

    6 Retweets

    26 Likes

    4 Bookmarks

    0 Replies

    1 Quote

  14. [CVE-2025-64446: CRITICAL] Security alert: Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11 vulnerable to relative path...#cve,CVE-2025-64446,#cybersecurity https://t.co/vAVRkuG9ov https://t.c

    @CveFindCom

    14 Nov 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-64446 describes a **relative path traversal vulnerability** in various versions of Fortinet FortiWeb web application firewall (WAF) software. Path traversal vulnerabilities occur when an attacker manipulates input to access files or directories outside the intended

    @CveTodo

    14 Nov 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations