PT-2025-46973 · Fortinet · Fortiweb

Published 2025-11-14 · Updated 2026-02-21 · CVE-2025-64446

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiWeb versions 7.0.0 through 8.0.1
Fortinet FortiWeb versions 7.2.0 through 7.2.11
Fortinet FortiWeb versions 7.4.0 through 7.4.9
Fortinet FortiWeb versions 7.6.0 through 7.6.4
Description
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow a remote, unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. Because the flaw lets an attacker bypass authentication, a successful exploit can yield full administrative control over the WAF. Exploitation has been observed in the wild: reports indicate the vulnerability is being actively used to create malicious administrative accounts, alter configurations, and potentially steal sensitive information. Hundreds of vulnerable devices have been identified online, and the vulnerability is being actively discussed and exploited by threat actors. The root cause is improper input validation in the handling of file paths, specifically within the cgi auth() and cgi process() functions; an attacker can leverage this flaw to reach restricted resources and execute arbitrary commands.
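The advisory names the weakness (relative path traversal in path handling ahead of an authentication decision) but does not describe the exact request shape, and the following is deliberately not FortiWeb-specific. It is an added example, not Fortinet code, modelling the generic pattern: a front end that decides "does this request need a session?" on the raw URL path, while the back end that serves the request first collapses ".." segments and percent-encoding. Every route name (/public/, /api/admin/) and every sample path is a constructed placeholder; the hardened variant makes the same decision on the canonical path and treats malformed input as restricted.

```python
"""Added example (not FortiWeb code): authentication decisions made on a
non-canonical path, and the canonicalisation that closes the gap.

All routes and sample paths below are constructed for illustration."""
import posixpath
from urllib.parse import unquote

PUBLIC_PREFIX = "/public/"          # hypothetical unauthenticated area


def naive_requires_auth(raw_path: str) -> bool:
    """Vulnerable pattern: a prefix test on the un-normalised request path."""
    return not raw_path.startswith(PUBLIC_PREFIX)


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to the form the back end will actually act on.

    Raises ValueError for input that is still encoded after one decode
    (double encoding), or that carries NUL or backslash characters; the
    caller should answer such requests with a 4xx, never route them."""
    decoded = unquote(raw_path)            # one decode, same as the back end
    if "%" in decoded or "\x00" in decoded or "\\" in decoded:
        raise ValueError("rejected path: %r" % raw_path)
    norm = posixpath.normpath(decoded)     # collapses '.' and '..' segments
    if not norm.startswith("/"):
        norm = "/" + norm
    return norm


def _is_public(canon: str) -> bool:
    return canon == PUBLIC_PREFIX.rstrip("/") or canon.startswith(PUBLIC_PREFIX)


def hardened_requires_auth(raw_path: str) -> bool:
    """Fixed pattern: decide on the canonical path; malformed input is restricted."""
    try:
        return not _is_public(canonicalize(raw_path))
    except ValueError:
        return True


def backend_target(raw_path: str) -> str:
    """Where the back end would resolve the request (same normalisation)."""
    try:
        return canonicalize(raw_path)
    except ValueError:
        return "<rejected>"


def audit(paths):
    """Rows of (raw, resolved target, naive needs-auth, hardened needs-auth)."""
    return [(p, backend_target(p), naive_requires_auth(p), hardened_requires_auth(p))
            for p in paths]


def find_bypasses(paths):
    """Raw paths the naive check would let through unauthenticated even though
    the back end resolves them outside the public area (or rejects them)."""
    return [raw for raw, target, naive_auth, _ in audit(paths)
            if not naive_auth and not _is_public(target)]


# Constructed sample requests: two ordinary ones, three traversal attempts.
SAMPLE_PATHS = [
    "/public/index.html",
    "/api/admin/accounts",
    "/public/../api/admin/accounts",           # plain dot-dot segment
    "/public/..%2fapi%2fadmin%2faccounts",     # percent-encoded separators
    "/public/%252e%252e/api/admin",            # double-encoded, rejected outright
]

if __name__ == "__main__":
    for raw, target, naive_auth, hard_auth in audit(SAMPLE_PATHS):
        print(f"{raw:40} -> {target:22} naive_auth={naive_auth!s:5} hardened_auth={hard_auth}")
    print("naive check bypassed by:", find_bypasses(SAMPLE_PATHS))
```

The design point is that the component deciding authorisation must see exactly the path the component doing the work will see: decode the same number of times, collapse dot segments the same way, and refuse anything that is still ambiguous after that, rather than trying to enumerate bad substrings. Logging the rows where the naive and hardened decisions disagree is also a cheap way to spot traversal attempts in access logs.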
Recommendations
Fortinet FortiWeb versions 7.0.0 through 7.0.11: Apply the latest security patches immediately.
Fortinet FortiWeb versions 7.2.0 through 7.2.11: Apply the latest security patches immediately.
Fortinet FortiWeb versions 7.4.0 through 7.4.9: Apply the latest security patches immediately.
Fortinet FortiWeb versions 7.6.0 through 7.6.4: Apply the latest security patches immediately.
Fortinet FortiWeb versions 8.0.0 through 8.0.1: Upgrade to version 8.0.2 or later.
Review admin activity logs for any suspicious or unauthorized access attempts.
Disable HTTP/HTTPS on internet-facing interfaces if patching is not immediately feasible.
Implement strict network segmentation to limit the potential impact of a successful exploit.

Tags: Exploit · Fix · LPE · RCE

Weakness Enumeration: Relative Path Traversal

Related Identifiers: BDU:2025-14084 · CVE-2025-64446

Affected Products: Fortiweb