US Cyber Agency Warns on Fortinet FortiWeb Path Flaw Exploitation

US Cyber Agency Alerts on Ongoing Exploitation of Fortinet FortiWeb Path Traversal Flaw

Last updated on November 17, 2025November 17, 2025 by RS Web Solutions on Categories Internet & Cybersecurity

US Cyber Agency Alerts on Fortinet FortiWeb Vulnerability Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a grave warning regarding the active exploitation of a vulnerability within Fortinet’s FortiWeb web application firewall. This exploit, identified as CVE-2025-64446, has garnered significant concern from security experts and industry professionals alike.

Last week, analysts from the cybersecurity firm watchTowr raised alarms over the increasing incidence of exploitation linked to an authentication bypass vulnerability in Fortinet’s FortiWeb products.

“As per our observations, it’s another Thursday, and our team continues to witness rampant exploitation of what seems to be a quietly patched vulnerability in Fortinet’s FortiWeb,” remarked watchTowr’s CEO, Benjamin Harris, on November 14.

Discovered in version 8.0.2, this vulnerability allows malicious actors to execute actions as a privileged user, with reported instances of exploitation focusing on establishing a new administrator account, thus providing a convenient foothold for attackers.

At the time of the initial warning, watchTowr awaited a definitive response from Fortinet but cautioned that any unpatched appliances were likely compromised.

Over the weekend, Fortinet officially acknowledged the vulnerability and its ongoing exploitation. CISA acted promptly, incorporating CVE-2025-64446 into its Known Exploited Vulnerabilities Catalog and disseminating Fortinet’s advisory.

“CISA is cognizant of the exploitation of the newly disclosed vulnerability, CVE-2025-64446, within Fortinet FortiWeb,” stated the agency on November 15.

This particular vulnerability—classified under the CWE-23 standard as a relative path traversal flaw—may enable unauthenticated malicious entities to execute administrative commands on affected systems via specifically crafted HTTP or HTTPS requests.

The vulnerability exists across various versions of FortiWeb products, including:

8.0.0 through 8.0.1
7.6.0 through 7.6.4
7.4.0 through 7.4.9
7.2.0 through 7.2.11
7.0.0 through 7.0.11

Both CISA and Fortinet strongly recommend that affected systems be upgraded immediately. For those unable to perform updates promptly, they advise disabling HTTP or HTTPS for internet-facing interfaces.

However, CISA cautions that while such measures may mitigate risk, they do not eliminate it altogether.

“Upgrading the affected systems is imperative and the singular method to fully remediate this vulnerability,” CISA emphasized.

Source link: Cybersecurityconnect.com.au.

Disclosure: This article is for general information only and is based on publicly available sources. We aim for accuracy but can't guarantee it. The views expressed are the author's and may not reflect those of the publication. Some content was created with help from AI and reviewed by a human for clarity and accuracy. We value transparency and encourage readers to verify important details. This article may include affiliate links. If you buy something through them, we may earn a small commission — at no extra cost to you. All information is carefully selected and reviewed to ensure it's helpful and trustworthy.

Reported By

RS Web Solutions

We provide the best tutorials, reviews, and recommendations on all technology and open-source web-related topics. Surf our site to extend your knowledge base on the latest web trends.