PT-2025-46973 · Fortinet · Fortiweb

Published: 2025-11-14 · Updated: 2026-04-18 · CVE-2025-64446

CVSS v2.0: 10 (Critical) · AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 8.0.1
Description: A relative path traversal vulnerability in Fortinet FortiWeb versions 7.0.0 through 8.0.1 allows an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. The flaw stems from improper handling of file paths and is triggered by specially crafted requests to the /api/v2.0/cmdb/system/admin endpoint; it bypasses authentication and can give the attacker full administrative control, including the creation of new administrative accounts and, from there, full system compromise. Active exploitation has been observed, with reports indicating the vulnerability has been exploited in the wild since early October. Hundreds of vulnerable devices have been identified online, and the vulnerability is being actively discussed and exploited in cybersecurity communities. It has been assigned a CVSS score of 9.1.
Recommendations: Update FortiWeb to version 8.0.2 or later. If an immediate update is not possible, restrict access to the affected API endpoints, review system logs for suspicious activity, monitor for exploit attempts using honeypots, and disable HTTP/HTTPS on internet-facing interfaces as a temporary mitigation.
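One way to act on the "review system logs" recommendation, as an added example that is not part of the advisory: a small Python scanner that normalizes request paths (percent-decoding and dot-segment resolution) and flags requests that reach the /api/v2.0/cmdb/system/admin endpoint from hosts outside an administrator allowlist. The combined-style log format, the allowlist and the sample lines are constructed assumptions; FortiWeb's own log format is not shown on this page.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample access-log lines in a generic combined-log style
# (an assumption: the advisory does not show the real FortiWeb log format).
SAMPLE_LOG = """\
10.0.0.5 - - [14/Nov/2025:10:01:02 +0000] "GET /ui/login HTTP/1.1" 200 512
10.0.0.5 - admin [14/Nov/2025:10:02:10 +0000] "POST /api/v2.0/cmdb/system/admin HTTP/1.1" 200 88
203.0.113.7 - - [14/Nov/2025:10:05:33 +0000] "POST /api/v2.0/cmdb/system/admin HTTP/1.1" 200 88
203.0.113.7 - - [14/Nov/2025:10:06:01 +0000] "POST /static/..%2f..%2fapi/v2.0/cmdb/system/admin HTTP/1.1" 200 88
198.51.100.9 - - [14/Nov/2025:10:07:45 +0000] "GET /api/v2.0/cmdb/system/status HTTP/1.1" 200 300
"""

ADMIN_ENDPOINT = "/api/v2.0/cmdb/system/admin"   # endpoint named in the advisory
ADMIN_SOURCES = {"10.0.0.5"}                      # constructed allowlist of admin hosts

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def normalize_path(raw: str) -> str:
    """Percent-decode (twice, to catch double encoding) and collapse dot segments."""
    path = raw.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    # normpath resolves '.' and '..' purely lexically, never touching the filesystem
    return normpath(path)

def find_suspicious(log_text: str) -> list[dict]:
    """Return one finding per request whose normalized path is the admin endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, method, raw_path, status = m.groups()
        path = normalize_path(raw_path)
        if path != ADMIN_ENDPOINT:
            continue
        reasons = []
        if src not in ADMIN_SOURCES:
            reasons.append("admin endpoint hit from non-admin source")
        if path != raw_path:
            reasons.append("endpoint reached only after decoding/dot-segment resolution")
        if reasons:
            findings.append({"src": src, "method": method, "raw_path": raw_path,
                             "status": status, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Allowlisted administrators hitting the endpoint directly produce no finding; every other path that resolves to it is reported with the reasons that triggered it.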

Tags: Exploit · Fix · LPE · RCE

Weakness Enumeration: Relative Path Traversal

Related Identifiers: BDU:2025-14084 · CVE-2025-64446

Affected Products: Fortiweb