PT-2025-46973 · Fortinet · FortiWeb

Published: 2025-11-14 · Updated: 2025-12-07 · CVE-2025-64446

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Fortinet FortiWeb versions 7.0.0 through 8.0.1
Fortinet FortiWeb versions 7.2.0 through 7.2.11
Fortinet FortiWeb versions 7.4.0 through 7.4.9
Fortinet FortiWeb versions 7.6.0 through 7.6.4
Description

Fortinet FortiWeb contains a relative path traversal vulnerability that may allow a remote, unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. The vulnerability is actively exploited in the wild; exploitation attempts have been reported since early October. Attackers can bypass authentication and create administrative accounts, potentially gaining full control of the web application firewall. Hundreds of vulnerable devices have been identified online. The root cause is improper input validation, which lets an attacker traverse directories and execute arbitrary code. Exploitation involves sending crafted requests to the /api/v2.0/cmdb/system/admin/../../../../../cgi-bin/fwbcgi endpoint.
Recommendations

Fortinet FortiWeb versions prior to 8.0.2 are affected. Upgrade to version 8.0.2 or later to address this vulnerability. As a temporary workaround, restrict access to the /api/v2.0/cmdb/system/admin/../../../../../cgi-bin/fwbcgi endpoint. Review system logs for any suspicious activity related to administrative account creation or modification. If patching is not immediately possible, disable HTTP/HTTPS on internet-facing interfaces.
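The log review recommended above can be automated. The following script is an added example, not Fortinet's code and not part of the advisory: it reads web-server access-log lines, decodes the request path (twice, to catch double percent-encoding), resolves the "../" segments the way a server would, and flags any request that is addressed to the /api/v2.0/ tree but resolves outside it. It therefore catches the exact /cgi-bin/fwbcgi path from the advisory as well as encoded variants of the same traversal. The combined-format log lines, the client addresses and the assumption that the request path is the second token of the quoted request string are all constructed for illustration.

```python
"""Flag path-traversal requests against the FortiWeb REST API tree.

Added example, not Fortinet's or the advisory author's code. Assumes
combined-format access-log lines; the sample lines below are constructed.
"""
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format).
SAMPLE_LOG = """\
203.0.113.5 - - [14/Nov/2025:10:01:02 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 401 0 "-" "curl/8.4"
203.0.113.5 - - [14/Nov/2025:10:01:09 +0000] "POST /api/v2.0/cmdb/system/admin/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 512 "-" "curl/8.4"
198.51.100.7 - - [14/Nov/2025:10:02:33 +0000] "POST /api/v2.0/cmdb/system/admin/..%2f..%2f..%2f..%2f..%2fcgi-bin/fwbcgi HTTP/1.1" 200 512 "-" "python-requests/2.31"
192.0.2.9 - - [14/Nov/2025:10:03:00 +0000] "GET /api/v2.0/cmdb/system/status HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Assumption: the request line is quoted as "<METHOD> <path> HTTP/<ver>".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
API_PREFIX = "/api/v2.0/"


def decode_path(raw_path):
    """Drop the query string and percent-decode twice (double encoding)."""
    path = raw_path.split("?", 1)[0]
    return unquote(unquote(path))


def normalize(raw_path):
    """Resolve '.' and '..' segments the way a web server would."""
    return posixpath.normpath(decode_path(raw_path))


def is_suspicious(raw_path):
    """True when a request aimed at the API tree contains traversal
    sequences and resolves to a path outside that tree."""
    decoded = decode_path(raw_path)
    if not decoded.startswith(API_PREFIX) or ".." not in decoded:
        return False
    return not normalize(raw_path).startswith(API_PREFIX)


def scan(log_text):
    """Return (client_ip, method, raw_path, resolved_path, status) for
    every suspicious request in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw_path = m.group("path")
        if not is_suspicious(raw_path):
            continue
        client_ip = line.split(" ", 1)[0]
        status = line[m.end():].split()[0]
        hits.append((client_ip, m.group("method"), raw_path,
                     normalize(raw_path), status))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious request:", hit)
```

A hit with a 200 status on the resolved /cgi-bin/fwbcgi path is the case to escalate: pair it with a review of administrative-account creation or modification events from the same time window, as the advisory recommends. Feed real logs through scan() by reading the file instead of SAMPLE_LOG.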

Exploit · Fix · RCE · LPE · Relative Path Traversal

Weakness Enumeration

Related Identifiers

BDU:2025-14084
CVE-2025-64446

Affected Products

FortiWeb