US Cyber Agency Alerts on Fortinet FortiWeb Vulnerability Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a grave warning regarding the active exploitation of a vulnerability in Fortinet’s FortiWeb web application firewall. The flaw, tracked as CVE-2025-64446, has drawn significant concern from security experts and industry professionals alike.
Last week, analysts from the cybersecurity firm watchTowr raised alarms over the increasing incidence of exploitation linked to an authentication bypass vulnerability in Fortinet’s FortiWeb products.
“As per our observations, it’s another Thursday, and our team continues to witness rampant exploitation of what seems to be a quietly patched vulnerability in Fortinet’s FortiWeb,” remarked watchTowr’s CEO, Benjamin Harris, on November 14.
Discovered in version 8.0.2, this vulnerability allows malicious actors to execute actions as a privileged user, with reported instances of exploitation focusing on establishing a new administrator account, thus providing a convenient foothold for attackers.
At the time of the initial warning, watchTowr awaited a definitive response from Fortinet but cautioned that any unpatched appliances were likely compromised.
Over the weekend, Fortinet officially acknowledged the vulnerability and its ongoing exploitation. CISA acted promptly, incorporating CVE-2025-64446 into its Known Exploited Vulnerabilities Catalog and disseminating Fortinet’s advisory.
“CISA is cognizant of the exploitation of the newly disclosed vulnerability, CVE-2025-64446, within Fortinet FortiWeb,” stated the agency on November 15.
This particular vulnerability—classified as CWE-23, a relative path traversal flaw—may enable unauthenticated attackers to execute administrative commands on affected systems via specifically crafted HTTP or HTTPS requests.
The vulnerability exists across various versions of FortiWeb products, including:
- 8.0.0 through 8.0.1
- 7.6.0 through 7.6.4
- 7.4.0 through 7.4.9
- 7.2.0 through 7.2.11
- 7.0.0 through 7.0.11
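As an added example (not part of the article, and not Fortinet or CISA tooling), a small Python triage helper that checks an inventory of FortiWeb version strings against the affected ranges listed above; it assumes versions are plain dotted integers, optionally followed by a build tag.

```python
# Triage helper: decide whether a FortiWeb build falls inside one of the
# affected ranges listed for CVE-2025-64446. Added example for this
# article; not Fortinet or CISA tooling.
# Assumption: versions are dotted integers such as "7.4.9", optionally
# followed by a build tag that is stripped before comparison.
import re
from typing import Optional

# Inclusive (first, last) affected ranges exactly as listed in the article.
AFFECTED_RANGES = [
    ("8.0.0", "8.0.1"),
    ("7.6.0", "7.6.4"),
    ("7.4.0", "7.4.9"),
    ("7.2.0", "7.2.11"),
    ("7.0.0", "7.0.11"),
]

def parse_version(text: str) -> tuple:
    """Turn '7.4.9' (or 'v7.4.9 build0123') into a comparable tuple (7, 4, 9)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '7.4' to (7, 4, 0)

def affected_range(version: str) -> Optional[tuple]:
    """Return the (first, last) listed range that contains `version`, or None."""
    v = parse_version(version)
    for first, last in AFFECTED_RANGES:
        # Tuple comparison handles 7.2.11 > 7.2.9 correctly, unlike string compare.
        if parse_version(first) <= v <= parse_version(last):
            return (first, last)
    return None

def triage(version: str) -> str:
    """One-line verdict for an inventory row; upgrading is the only full fix."""
    rng = affected_range(version)
    if rng is None:
        return f"{version}: not in a listed affected range"
    return (f"{version}: AFFECTED ({rng[0]} through {rng[1]}); upgrade required, "
            "disabling HTTP/HTTPS on internet-facing interfaces only reduces risk")

if __name__ == "__main__":
    # Constructed sample inventory, not real appliance data.
    for v in ["7.4.9", "7.6.5", "8.0.2", "7.2.11 build0500", "6.4.0"]:
        print(triage(v))
```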
Both CISA and Fortinet strongly recommend that affected systems be upgraded immediately. For those unable to perform updates promptly, they advise disabling HTTP or HTTPS for internet-facing interfaces.
However, CISA cautions that while such measures may mitigate risk, they do not eliminate it altogether.
“Upgrading the affected systems is imperative and the singular method to fully remediate this vulnerability,” CISA emphasized.
Source link: Cybersecurityconnect.com.au.