CVE-2025-64446

Analyzed

Published: 14 Nov 2025, 15:50

Last modified:14 Jan 2026, 09:16

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (nvd)

EPSS Score

90.08% CRITICAL

90% probability +0.36%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

3 found

Dark Web

Not detected

Timeline

14 Nov 2025, 15:50

Published

Vulnerability first disclosed

14 Nov 2025, 00:00

Added to CISA KEV

Fortinet FortiWeb Path Traversal Vulnerability

21 Nov 2025, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

14 Jan 2026, 09:16

Last Modified

Vulnerability information updated

Description

CVSS Metrics

EPSS Trends

Weaknesses (CWE)

KEV Details

Exploits (3)

Affected Systems

References (3)