6 matches found

Rapid7 Blog
added 2025/11/21 8:52 p.m. | 15 views

Metasploit Wrap-Up 11/21/2025

CVE-2025-64446 - Fortinet’s FortiWeb exploitation. A critical vulnerability in Fortinet’s FortiWeb Web Application Firewall, now assigned CVE-2025-64446 (CVSS 9.1), allows unauthenticated attackers to gain full administrator access to the FortiWeb Manager interface and its websocket CLI. The flaw...

CVSS 9.8 | AI score 8.2 | EPSS 0.89526
Exploits: 20

Rapid7 Blog
added 2025/11/13 9:36 p.m. | 12 views

CVE-2025-64446: Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild

Overview: On October 6, 2025, the cyber deception company Defused published a proof-of-concept exploit on social media that was captured by one of their Fortinet FortiWeb Manager honeypots. FortiWeb is a Web Application Firewall (WAF) product that is designed to detect and block malicious traffic to...

CVSS 9.8 | AI score 7.4 | EPSS 0.89526
Exploits: 17

BDU FSTEC
added 2024/06/13 12:0 a.m. | 7 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the lack of authentication procedures, which allows a perpetrator to execute arbitrary code or commands.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or scripts by sending specially crafted HTTP requests o...

CVSS 6.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2024/06/13 12:0 a.m. | 4 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the authentication procedures’ deficiencies, which allow an attacker to gain access to read, modify, or delete data.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data by sending specially crafted HTTP...

CVSS 7.8 | AI score 5.5 | EPSS 0.00439
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2024/06/13 12:0 a.m. | 4 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the authentication procedures’ deficiencies, which allow an attacker to gain access to read, modify, or delete data.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data by sending specially crafted HTTP...

CVSS 7.8 | AI score 5.5 | EPSS 0.00439
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2018/02/01 12:0 a.m. | 4 views

The vulnerability of the software interface of the FortiWeb Manager, a centralized control system for network switches, relates to access control deficiencies, allowing an intruder to gain access to the system using an administrator account.

The vulnerability of the software interface for centralized control of network switches, FortiWeb Manager, is related to the lack of password verification for the admin account. Exploiting this vulnerability could allow a malicious actor, operating remotely and having access to the web interface,...

CVSS 10 | AI score 5.5 | EPSS 0.0278
Exploits: 0 | References: 4 | Affected Software: 1