Relative Path Traversal Vulnerability in Fortinet FortiWeb Products
CVE-2025-64446

9.4 CRITICAL

Key Information:

Vendor: Fortinet

Status: Vendor

CVE Published: 14 November 2025


What is CVE-2025-64446?

CVE-2025-64446 is a significant vulnerability affecting various versions of Fortinet's FortiWeb products, which provide web application security, including a web application firewall and bot management. The vulnerability is a relative path traversal flaw that attackers can exploit to execute administrative commands on affected systems. The risk is considerable: unauthorized users could gain control over critical security settings and configurations, compromising the integrity and availability of the applications FortiWeb is meant to protect. The vulnerable versions include FortiWeb 8.0.0 through 8.0.1 and several earlier versions down to 7.0.0.

Potential impact of CVE-2025-64446

  1. Unauthorized Access and Control: Exploitation of this vulnerability allows attackers to run administrative commands, potentially granting them complete control over the FortiWeb products and the applications they protect. This could lead to unauthorized access to sensitive data.

  2. Compromise of Application Security: Since FortiWeb is a security solution, a successful attack could undermine the protection it provides, leaving web applications exposed to additional threats, including data breaches and malicious attacks.

  3. Potential for Broader Network Exploitation: Gaining access through this vulnerability may enable attackers to pivot to other systems within the network, increasing the risk of a wider compromise, which could lead to significant operational disruption and data loss.

CISA has reported CVE-2025-64446

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-64446 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FortiWeb 8.0.0 through 8.0.1

FortiWeb 7.6.0 through 7.6.4

FortiWeb 7.4.0 through 7.4.9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities

Zero-day vulnerabilities in Fortinet's FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated RCE.

2 weeks ago

Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities

The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet's FortiWeb Web Application Firewall (WAF).

2 weeks ago

EPSS Score

87% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • Public PoC available

  • Used in ransomware

  • Exploit known to exist

  • CISA reported

  • First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability reserved
