Vulnerability fixed in Fortinet FortiWeb

🗓️ 15 Nov 2025 14:57:33Reported by NCSCType

ncsc

ncsc🔗 advisories.ncsc.nl👁 9 Views

FortiWeb CVE-2025-64446 enables unauthenticated remote command execution via crafted HTTP requests.

Reporter	Title	Published	Views	Family All 41
GithubExploit	Exploit for OS Command Injection in Fortinet Fortiweb	4 Mar 202608:31	–	githubexploit
GithubExploit	Exploit for Relative Path Traversal in Fortinet Fortiweb	26 Mar 202611:29	–	githubexploit
GithubExploit	Exploit for Relative Path Traversal in Fortinet Fortiweb	21 Nov 202500:37	–	githubexploit
GithubExploit	Exploit for Relative Path Traversal in Fortinet Fortiweb	18 Nov 202510:25	–	githubexploit
GithubExploit	Exploit for CVE-2025-58034	19 Nov 202509:52	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Fortinet Fortiweb	2 Mar 202614:36	–	githubexploit
Circl	CVE-2025-64446	14 Nov 202515:42	–	circl
CISA KEV Catalog	Fortinet FortiWeb Path Traversal Vulnerability	14 Nov 202500:00	–	cisa_kev
CISA	CISA Adds One Known Exploited Vulnerability to Catalog	14 Nov 202512:00	–	cisa
CISA	Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products	25 Nov 202512:00	–	cisa

Source	Link
blog	www.blog.qualys.com/vulnerabilities-threat-research/2025/11/14/unauthenticated-authentication-bypass-in-fortinet-fortiweb-cve-2025-64446-exploited-in-the-wild
fortiguard	www.fortiguard.fortinet.com/psirt/FG-IR-25-910
github	www.github.com/watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog
rapid7	www.rapid7.com/blog/post/etr-critical-vulnerability-in-fortinet-fortiweb-exploited-in-the-wild

15 Nov 2025 14:57Current

7High risk

Vulners AI Score7

CVSS 3.19.8

EPSS0.9299

SSVC

FortiWeb CVE-2025-64446 unauthenticated remote command execution crafted requests