CVE-2025-64446

Analyzed
Published: 14 Nov 2025, 16:15
Last modified: 21 Nov 2025, 18:27

Vulnerability Summary

Overall Risk: Critical Risk, 93/100
AI Analysis: Emergency, Requires Immediate Action
AI Detection: Active in Wild, Exploitation Detected
CVSS Score: 9.8 CRITICAL (CVSS v3.1, PSIRT)
EPSS Score: 70.44% CRITICAL (70% probability)
CISA KEV: Listed (Fortinet)
Ransomware: Known Use
Exploits: 1 found
Dark Web: Activity detected (Telegram)
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Source Identifier: psirt@fortinet.com
CVSS
Version | Source | Severity | Exploitability | Impact | Vector
v4.0 | n/a
v3.1 | psirt@fortinet.com | 9.8 CRITICAL | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/U...
v3.0 | n/a
v2.0 | n/a
EPSS
Current Score: 66.90%
Percentile Rank: 98%ile
Weakness: Relative Path Traversal (CWE-23)
Description: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Vulnerability Name: Fortinet FortiWeb Path Traversal Vulnerability
Added to CISA Catalog: 14 Nov 2025, 00:00
Action Due: 21 Nov 2025, 00:00
Known Ransomware: Ransomware
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Telegram Activity Detected
This vulnerability has been mentioned in monitored Telegram channels, indicating potential threat actor interest.
Metasploit auxiliary module (Verified)
Authors: Defused, sfewer-r7
Published: 14 Nov 2025, 00:00
Updated: 14 Nov 2025, 17:06
This auxiliary module exploits an authentication bypass via path traversal vulnerability in the Fortinet FortiWeb management interface to create a new local administrator user account. This vulnerability affects the following versions:
* FortiWeb 8.0.0 through 8.0.1 (Patched in 8.0.2 and above)
* FortiWeb 7.6.0 through 7.6.4 (Patched in 7.6.5 and above)
* FortiWeb 7.4.0 through 7.4.9 (Patched in 7.4.10 and above)
* FortiWeb 7.2.0 through 7.2.11 (Patched in 7.2.12 and above)
* FortiWeb 7.0.0 through 7.0.11 (Patched in 7.0.12 and above)
Module references:
* CVE-2025-64446
* x.com/defusedcyber/status/1975242250373517373
* github.com/watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass
* pwndefend.com/2025/11/13/suspected-fortinet-zero-day-exploited-in-the-wild/
* rapid7.com/blog/post/etr-critical-vulnerability-in-fortinet-fortiweb-exploited-in-the-wild/
* fortiguard.com/psirt/FG-IR-25-910

Affected Configurations (CPE)

fortinet fortiweb (Vulnerable)
Version: *
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
References
URL | Tags | Source
https://fortiguard.fortinet.com/psirt/FG-IR-25-910 | vendor advisory | psirt@fortinet.com
https://github.com/nu11secur1ty/CVE-mitre/tree/main/2025/CVE-2025-64446/8.0.0 | - | af854a3a-2127-422b-91ae-364da2661108
https://github.com/nu11secur1ty/CVE-mitre/tree/main/2025/CVE-2025-64446/8.0.0 | exploit, third party advisory | af854a3a-2127-422b-91ae-364da2661108
https://github.com/watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass | exploit, third party advisory | 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64446 | us government resource | 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.patreon.com/posts/cve-2025-64446-8-143791801 | - | af854a3a-2127-422b-91ae-364da2661108
https://www.patreon.com/posts/cve-2025-64446-8-143791801 | exploit | af854a3a-2127-422b-91ae-364da2661108