Critical path traversal vulnerability in Fortinet FortiWeb web application firewalls allows remote execution of administrative commands via crafted HTTP/HTTPS requests. Active exploitation is occurring in the wild with attackers creating administrative accounts for persistent access.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-11-14
Added to CISA KEV: 2025-11-14 (0 days between CVE publication and KEV addition)
Summary (TL;DR): A Fortinet FortiWeb vulnerability is being actively exploited in the wild to create administrative accounts and gain persistent access to Internet-exposed FortiWeb appliances. Public proof-of-concept / exploit activity and weaponized code have appeared, and multiple monitoring/honeypot teams report exploitation since early November 2025. Exploitation yields full administrative ...
Vulnerability Details: CVE-2025-64446 Fortinet FortiWeb Relative Path Traversal Vulnerability Allows Remote Execution of Administrative Commands
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their ...
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in the Fortinet FortiWeb WAF that could allow an attacker to take over admin accounts and completely compromise a device. "The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet's FortiWeb product," Benjamin Harris ...
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.