Hackers are actively exploiting a critical vulnerability in Fortinet’s FortiWeb devices, prompting urgent patching requirements from CISA and Fortinet. This widespread exploitation highlights the ongoing cybersecurity risks associated with outdated web application firewalls. #Fortinet #CVE2025-64446
Keypoints
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a seven-day deadline for patching the vulnerability CVE-2025-64446 in Fortinet devices.
- The vulnerability is rated as critical with a severity score of 9.1 out of 10 and affects FortiWeb web application firewalls widely used by large organizations and governments.
- Active exploitation has been observed in the wild, with attackers often adding new administrator accounts for persistence.
- Cybersecurity firms reported the sale of a zero-day exploit targeting FortiWeb on cybercriminal forums.
- Experts warn that many Fortinet devices remain vulnerable, emphasizing the importance of timely updates and vigilance for cybersecurity defenses.
Read More: https://therecord.media/fortinet-fortiweb-vulnerability-cisa-advisory