PT-2025-46973 · Fortinet · Fortiweb

Published 2025-11-14 · Updated 2025-11-20 · CVE-2025-64446

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Fortinet FortiWeb versions 7.0.0 through 8.0.1
Fortinet FortiWeb versions 7.2.0 through 7.2.11
Fortinet FortiWeb versions 7.4.0 through 7.4.9
Fortinet FortiWeb versions 7.6.0 through 7.6.4
Description

Fortinet FortiWeb is affected by a relative path traversal vulnerability that allows attackers to execute administrative commands on the system via crafted HTTP or HTTPS requests. The vulnerability is actively exploited in the wild, and a proof-of-concept exploit tool has reportedly been released on GitHub. Attackers can bypass authentication and create administrative user accounts, potentially gaining full control over the web management panel and the WebSocket CLI. The root cause is incorrect handling of relative file paths within the CGI components of FortiWeb. Exploitation involves sending specifically crafted requests to the /api/v2.0/cmdb/system/admin/../../../../../cgi-bin/fwbcgi endpoint. Hundreds of vulnerable devices have been identified online, and threat actors are actively exploiting them. The vulnerability has a CVSS score of 9.1 or 9.8 depending on the source.
Recommendations

Fortinet FortiWeb versions 7.0.0 through 7.0.11: Apply the latest security updates as soon as possible.
Fortinet FortiWeb versions 7.2.0 through 7.2.11: Apply the latest security updates as soon as possible.
Fortinet FortiWeb versions 7.4.0 through 7.4.9: Apply the latest security updates as soon as possible.
Fortinet FortiWeb versions 7.6.0 through 7.6.4: Apply the latest security updates as soon as possible.
Fortinet FortiWeb versions 8.0.0 through 8.0.1: Upgrade to version 8.0.2 or later.

As a temporary workaround, block requests to the /api/v.. paths containing directory traversal attempts (../). Monitor for and review recently created user accounts for any suspicious activity. Check for access to the /fwbcgi endpoint from external networks.
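As an added example (not from this advisory or from Fortinet), the Python below scans web-server access log lines for the two indicators the workaround names: traversal sequences (../) under /api/v* paths, including URL-encoded forms, and requests that resolve to the fwbcgi endpoint. The log lines and source addresses are constructed, and the Common Log Format is an assumption; adapt LOG_RE to whatever log source sits in front of the device.

```python
"""Flag access-log requests matching the CVE-2025-64446 traversal pattern."""
import re
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample log lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [14/Nov/2025:10:02:11 +0000] "POST /api/v2.0/cmdb/system/admin/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 512
203.0.113.11 - - [14/Nov/2025:10:03:40 +0000] "GET /api/v2.0/cmdb/system/admin%2F..%2F..%2F..%2F..%2F..%2Fcgi-bin%2Ffwbcgi HTTP/1.1" 200 512
198.51.100.5 - - [14/Nov/2025:10:05:02 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 200 2048
198.51.100.6 - - [14/Nov/2025:10:06:15 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

# Assumed log layout: client, ident, user, [timestamp], "METHOD path PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def analyze_request_path(raw_path):
    """Return the reasons a request path matches the advisory's indicators (empty if none)."""
    # Drop the query string and decode twice so %2F and double-encoded sequences are seen.
    decoded = unquote(unquote(raw_path.split("?", 1)[0]))
    reasons = []
    # Indicator 1 from the workaround: traversal under /api/v* paths.
    if decoded.startswith("/api/v") and "../" in decoded:
        reasons.append("traversal under /api/v* path")
    # Indicator 2: after resolving the dot segments, the request lands on fwbcgi.
    if normpath(decoded).endswith("/fwbcgi"):
        reasons.append("resolves to fwbcgi")
    return reasons


def scan_log(text):
    """Return (source, raw_path, reasons) for each log line that matches an indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = analyze_request_path(m["path"])
        if reasons:
            hits.append((m["src"], m["path"], reasons))
    return hits


if __name__ == "__main__":
    for src, path, reasons in scan_log(SAMPLE_LOG):
        print(f"{src} {path} -> {', '.join(reasons)}")
```

Every hit should be correlated with the account-creation review the advisory recommends, since a 200 response on the traversal path is the more urgent signal.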

Exploit · Fix · LPE · RCE · Relative Path Traversal

Weakness Enumeration

Related Identifiers

BDU:2025-14084
CVE-2025-64446

Affected Products

Fortiweb