Fortinet reportedly patched a critical zero-day vulnerability (CVE-2025-64446) in FortiWeb without immediate disclosure, raising concerns about delayed notifications. Recent exploits highlight the risks of silent patching practices and emphasize the importance of prompt communication in cybersecurity. #CVE202564446 #FortiWeb #ZeroDayVulnerability
Keypoints
- Fortinet patched CVE-2025-64446 secretly before officially disclosing it.
- The vulnerability affects multiple FortiWeb versions and enables remote command execution.
- Delayed disclosure may have increased risks for affected organizations.
- Exploits have been observed in the wild, including privilege escalation attacks.
- Fortinet recommends disabling HTTP/HTTPS management interfaces until upgrades are completed.
Read More: https://thecyberexpress.com/fortinet-silent-patch-raises-concern/