Fortinet has patched a critical zero-day vulnerability in FortiWeb, tracked as CVE-2025-64446, that is being actively exploited in the wild. The flaw allows unauthenticated attackers to execute malicious commands, prompting urgent patches and mitigation measures.
Key points
- Fortinet quickly addressed a zero-day flaw in FortiWeb versions 8.0.1 and earlier.
- The vulnerability enables unauthenticated attackers to create admin accounts via crafted HTTP requests.
- After active exploitation was confirmed, Fortinet released version 8.0.2, which contains the fix, on October 28.
- Federal agencies are instructed to patch the flaw by November 21 to mitigate risks.
- Administrators should restrict access to the management interface and review logs for suspicious activity related to the vulnerability, such as administrator accounts they did not create.
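The log review recommended above can be partly automated by flagging administrator-account creation events that break normal expectations. The following is an added example, not code from Fortinet or from the original article; it uses a constructed key=value log format (not FortiWeb's own), and the field names, the set of known operator accounts, and the trusted management network are all assumptions to be replaced with the real product's audit-log fields and your environment's values.

```python
"""Scan constructed audit-log lines for unexpected administrator-account creation.

The log format below is an assumption made for this example (key=value pairs,
one event per line); it is not FortiWeb's own log format. Adapt the field
names to the real product's audit log before use.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample events: three routine, two that warrant review.
SAMPLE_LOG = """\
ts=2025-10-27T09:12:01Z action=login user=alice src=10.0.5.20 status=ok
ts=2025-10-27T09:15:44Z action=add_admin user=alice new_admin=ops-backup src=10.0.5.20 status=ok
ts=2025-10-27T22:41:09Z action=add_admin user=Unknown new_admin=support src=198.51.100.77 status=ok
ts=2025-10-28T01:03:55Z action=login user=support src=198.51.100.77 status=ok
ts=2025-10-28T03:10:12Z action=add_admin user=alice new_admin=helpdesk src=203.0.113.9 status=ok
"""

TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Finding:
    timestamp: str
    new_admin: str
    actor: str
    src: str
    reasons: tuple


def parse_line(line):
    """Turn one key=value line into a dict; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}


def find_suspicious_admin_creations(log_text, known_actors, trusted_networks):
    """Return a Finding for every successful add_admin event that breaks
    either expectation: the acting account is a known human operator, and
    the request came from a trusted management network. Either miss is
    worth a closer look on a device whose admin-creation path is known
    to be abused by unauthenticated requests."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev.get("action") != "add_admin" or ev.get("status") != "ok":
            continue
        reasons = []
        actor = ev.get("user", "")
        if actor not in known_actors:
            reasons.append(f"actor {actor!r} is not a known operator")
        try:
            src_ip = ipaddress.ip_address(ev.get("src", ""))
            if not any(src_ip in n for n in nets):
                reasons.append(f"source {src_ip} outside trusted management networks")
        except ValueError:
            reasons.append("source address missing or malformed")
        if reasons:
            findings.append(Finding(ev.get("ts", ""), ev.get("new_admin", ""),
                                    actor, ev.get("src", ""), tuple(reasons)))
    return findings


def new_admin_names(findings):
    """Sorted, de-duplicated list of the accounts that were flagged."""
    return sorted({f.new_admin for f in findings})


if __name__ == "__main__":
    # Assumed environment: alice and bob are the only operators, and the
    # management interface is reachable only from 10.0.5.0/24.
    hits = find_suspicious_admin_creations(SAMPLE_LOG, {"alice", "bob"}, ["10.0.5.0/24"])
    for h in hits:
        print(h.timestamp, h.new_admin, "<-", h.actor, "from", h.src, ";", "; ".join(h.reasons))
```

Run against the constructed sample, the script flags the account "support" (created by an unrecognised actor from an address outside the management network) and "helpdesk" (created by a known operator but from an untrusted address). Every flagged account should be compared against change records; anything unaccounted for is a reason to treat the device as compromised rather than merely unpatched.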