A critical security vulnerability has been disclosed in FortiWeb, Fortinet’s web application firewall (WAF). Fortinet has confirmed that the flaw is already being exploited in the wild and is urging all users to take immediate action.

Security Advisory Details

Fortinet published a security advisory on November 14, 2025, disclosing a relative path traversal vulnerability in the FortiWeb GUI, tracked as CVE-2025-64446. The vulnerability affects the 8.0, 7.6, 7.4, 7.2, and 7.0 branches of FortiWeb, making it a widespread concern for organizations running the platform.

Understanding the Threat

The vulnerability allows an unauthenticated attacker to bypass access controls on the management interface using specially crafted HTTP or HTTPS requests. Once exploited, the attacker can execute administrative commands on the appliance, which amounts to full compromise of the device and of any traffic it inspects. Fortinet has confirmed that it has observed active exploitation of this vulnerability in the wild.

Severity Assessment

Using the Common Vulnerability Scoring System (CVSSv3.1), the vulnerability has been assigned a base score of 9.8 out of 10. Fortinet has classified this as “Critical” – the highest severity rating on their four-tier scale – reflecting the serious nature of the threat and the urgent need for remediation.

Immediate Action Required

Fortinet has released patches to address the vulnerability and is strongly recommending that all affected users upgrade immediately. The vulnerability has been resolved in the following versions:

  • FortiWeb 8.0.2 and later
  • FortiWeb 7.6.5 and later
  • FortiWeb 7.4.10 and later
  • FortiWeb 7.2.12 and later
  • FortiWeb 7.0.12 and later

Organizations running any earlier release in these branches (8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11) should prioritize upgrading to the patched releases or newer. Where an upgrade cannot be applied immediately, Fortinet’s advisory recommends disabling HTTP and HTTPS on internet-facing management interfaces until it has been performed. Because exploitation has already been observed, administrators should also treat an unpatched, internet-exposed FortiWeb as potentially compromised and review its administrator accounts and configuration for unexpected changes.
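As an added example (not code from the article or from Fortinet), the following Python script checks FortiWeb version strings from a fleet inventory against the fixed releases listed above. The inventory lines are constructed for illustration, and the build numbers in them are made up; the script only assumes that each line contains an x.y.z version triple, as the output of FortiWeb’s `get system status` CLI command does. It compares versions as integer tuples, which avoids the classic mistake of treating 7.4.9 as newer than 7.4.10 when comparing strings.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases per affected branch, as published in the advisory described above.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (8, 0): (8, 0, 2),
    (7, 6): (7, 6, 5),
    (7, 4): (7, 4, 10),
    (7, 2): (7, 2, 12),
    (7, 0): (7, 0, 12),
}

# Matches "7.4.9", "v7.4.9", or "FortiWeb-VM v7.4.9,build1234" (assumed format).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return the first x.y.z triple in the text as integers, or None if absent."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def fmt(version: Version) -> str:
    return ".".join(str(part) for part in version)


def assess(text: str) -> Tuple[str, str]:
    """Classify a version string against CVE-2025-64446 fixed releases.

    Returns (status, detail) where status is one of:
      'vulnerable' - in an affected branch and below the fixed release
      'patched'    - at or above the fixed release for its branch
      'unlisted'   - branch not covered by the advisory; check Fortinet PSIRT
      'unparsed'   - no version found in the input
    """
    version = parse_version(text)
    if version is None:
        return ("unparsed", "no x.y.z version found")
    branch = (version[0], version[1])
    fixed = FIXED_RELEASES.get(branch)
    if fixed is None:
        return ("unlisted", f"{fmt(version)}: branch {branch[0]}.{branch[1]} not in advisory")
    # Tuple comparison is numeric per component, so (7, 4, 9) < (7, 4, 10).
    if version >= fixed:
        return ("patched", f"{fmt(version)}: fixed release is {fmt(fixed)}")
    return ("vulnerable", f"{fmt(version)}: upgrade to {fmt(fixed)} or later")


# Constructed inventory lines (hostnames and build numbers are invented).
SAMPLE_INVENTORY = [
    "waf-edge-01 FortiWeb-VM v7.4.9,build1234",
    "waf-edge-02 FortiWeb-VM v7.4.10,build1240",
    "waf-lab-01  FortiWeb-VM v8.0.1,build0009",
    "waf-old-01  FortiWeb-VM v6.4.3,build0777",
    "waf-dc-01   version unavailable",
]


def assess_inventory(lines) -> Dict[str, str]:
    """Map the first token (hostname) of each inventory line to its status."""
    return {line.split()[0]: assess(line)[0] for line in lines}


if __name__ == "__main__":
    for line in SAMPLE_INVENTORY:
        status, detail = assess(line)
        print(f"{line.split()[0]:<12} {status:<10} {detail}")
```

Hosts reported as `vulnerable` should be upgraded first, and anything `unlisted` or `unparsed` should be resolved manually rather than assumed safe.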

Author

Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape
