CVE-2025-64446

Analyzed
Published: 14 Nov 2025, 15:50
Last modified:26 Feb 2026, 16:56

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.8 CRITICAL
v3.1 (nvd)
EPSS Score
92.63% CRITICAL
93% probability +3.61%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
4 found
Dark Web
Not detected

Timeline

14 Nov 2025, 15:50
Published
Vulnerability first disclosed
14 Nov 2025, 00:00
Added to CISA KEV
Fortinet FortiWeb Path Traversal Vulnerability
21 Nov 2025, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
26 Feb 2026, 16:56
Last Modified
Vulnerability information updated

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

CVSS Metrics

  • v3.1CRITICALScore: 9.4CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
  • v3.1CRITICALScore: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 92.63% Percentile: 100%

Techniques & Countermeasures

  • CWE-23Relative Path Traversal

    The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Affected Systems

  • UnknownFortiWeb

    ≥ 7.0.0, < 7.0.12 | ≥ 7.2.0, < 7.2.12 | ≥ 7.4.0, < 7.4.10 | ≥ 7.6.0, < 7.6.5 | ≥ 8.0.0, < 8.0.2 | ≥ 8.0.0, ≤ 8.0.1 | ≥ 7.6.0, ≤ 7.6.4 | ≥ 7.4.0, ≤ 7.4.9 | ≥ 7.2.0, ≤ 7.2.11 | ≥ 7.0.0, ≤ 7.0.11

References (3)