Cybersecurity Vulnerabilities

FortiWeb Under Attack: Critical Path Traversal Vulnerability (CVE-2025-64446)

November 14, 2025 - By 

Overview

A critical security vulnerability, identified as CVE-2025-64446, has been discovered in Fortinet FortiWeb. This vulnerability is a relative path traversal flaw that could allow an attacker to execute administrative commands on the affected system. The vulnerability impacts several versions of FortiWeb, specifically versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11.

Technical Details

CVE-2025-64446 is a relative path traversal vulnerability. This means an attacker can manipulate file paths within HTTP or HTTPS requests to access restricted directories and potentially execute administrative commands. The attacker can craft malicious requests that navigate outside the intended web server root directory. By using sequences like ../ in the URL, an attacker can access and modify sensitive system files or execute arbitrary code with administrative privileges.

CVSS Analysis

  • CVE ID: CVE-2025-64446
  • Published: 2025-11-14T16:15:58.567
  • Severity: CRITICAL
  • CVSS Score: 9.8

A CVSS score of 9.8 indicates the highest level of severity. This means the vulnerability is easily exploitable, requires no user interaction, and could result in complete system compromise.

Possible Impact

The impact of exploiting CVE-2025-64446 is significant. An attacker could:

  • Gain full administrative control of the FortiWeb appliance.
  • Modify system configurations.
  • Steal sensitive data.
  • Install malware or backdoors.
  • Disrupt services and cause denial-of-service (DoS) conditions.

Mitigation and Patch Steps

Fortinet has released patches to address this vulnerability. It is strongly recommended that users of affected FortiWeb versions upgrade to the latest available firmware as soon as possible. The recommended steps are:

  1. Identify the FortiWeb version currently in use.
  2. Visit the Fortinet support portal.
  3. Download and install the latest available patch or firmware version that addresses CVE-2025-64446.
  4. Carefully follow the upgrade instructions provided by Fortinet.
  5. After upgrading, verify the system’s functionality and security.

In addition to patching, consider implementing the following best practices:

  • Regularly monitor FortiWeb logs for suspicious activity.
  • Enforce strong access controls and authentication mechanisms.
  • Implement a web application firewall (WAF) with updated rules to detect and block path traversal attempts.

References

Fortinet Advisory FG-IR-25-910

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *