Cybersecurity experts warn about a critical authentication bypass vulnerability in Fortinet Fortiweb WAF, which has been actively exploited in the wild to create unauthorized admin accounts. Organizations using vulnerable versions are urged to patch immediately to prevent device compromise. #FortiwebWAF #authenticationbypass
Keypoints
- The vulnerability exists in Fortinet Fortiweb WAF and was patched in version 8.0.2.
- Attackers are exploiting the flaw to add admin accounts and maintain persistence.
- Proof-of-concept tools and payloads are actively circulating among threat actors.
- Unpatched devices are at high risk of compromise, with ongoing in-the-wild exploitation.
- Fortinet has not yet issued a CVE or official security advisory regarding this vulnerability.
Read More: https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html