Fortinet warns of a critical vulnerability in FortiWeb (CVE-2025-64446) that attackers are actively exploiting to gain remote administrative access. Cybersecurity agencies and firms urge immediate patching to prevent widespread compromise. #FortiWeb #CVE202564446
Keypoints
- The vulnerability CVE-2025-64446 affects multiple versions of FortiWeb, including versions prior to 8.0.2.
- Attackers can exploit a path traversal and authentication bypass to create admin accounts remotely.
- Multiple security firms have linked ongoing attacks to the use of exploit code in the wild.
- Federal agencies are mandated to patch this vulnerability within three weeks per CISA guidelines.
- Fortinet recommends disabling HTTP/HTTPS access to vulnerable interfaces until patches are applied.