CVE-2025-64446
Description
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
In plain language
AI Act nowCVE-2025-64446 is a Fortinet FortiWeb flaw that lets an attacker send specially crafted web requests to take over administrative functions without a login; typical small businesses using FortiWeb should treat this as urgently dangerous and patch immediately if the system is reachable from the internet.
CVE-2025-64446 is a CWE-23 relative path traversal in Fortinet FortiWeb that can be triggered by unauthenticated HTTP/HTTPS requests to reach functionality that results in execution of administrative commands; CISA has it listed in KEV and it is being actively exploited in the wild.
What to do now
- Check whether your Fortinet FortiWeb (fortiweb) version is within the affected ranges (8.0.0–8.0.1, 7.6.0–7.6.4, 7.4.0–7.4.9, 7.2.0–7.2.11, 7.0.0–7.0.11).
- If it is affected, plan an upgrade immediately to one of the fixed versions: 8.0.2 or above, 7.6.5 or above, 7.4.10 or above, 7.2.12 or above, or 7.0.12.
- If you cannot upgrade right away, restrict FortiWeb so it is not reachable from the public internet over HTTP/HTTPS, and follow Fortinet mitigation guidance for this specific issue.
- After upgrading, monitor FortiWeb logs for signs of attempted exploitation (suspicious HTTP/HTTPS requests related to this activity) and confirm normal administrative access behavior.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsAttack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Малварь ChocoPoC распространяется под видом фальшивых эксплоитовru-ru·Хакер (xakep.ru)·
- New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Reposen·The Hacker News·
- ChocoPoc malware delivered via trojanized exploits on GitHuben-us·BleepingComputer·
- New ChocoPoC malware targets researchers via trojanized PoC exploitsen-us·BleepingComputer·
- When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446)en·watchTowr Labs·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2025-64446 and every CVE in our database. Create a free account — no credit card required.
Create Free Account