Fortinet Finally Cops to Critical Bug Under Active Exploit
The flaw lets attackers create local admin accounts on FortiWeb devices without authentication; attacks are originating globally, and the bug is fixed in version 8.0.2, researchers said.
- On October 6, researchers first observed a Fortinet FortiWeb path traversal flaw being actively exploited to create new administrative users without authentication. Fortinet released FortiWeb 8.0.2 to fix it and urged administrators to update promptly.
- The vulnerability is a path traversal reachable at /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi, an endpoint that accepts HTTP POST requests; it affects FortiWeb versions 8.0.1 and earlier.
- Researchers documented attacker-created usernames including Testpoint, trader1, and trader, with passwords such as 3eMIXX43, and attacks from IP addresses including 107.152.41.19 and 144.31.1.63; watchTowr Labs posted a video demonstrating a successful admin login.
- BleepingComputer reported that there was no matching Fortinet PSIRT disclosure for the exploited flaw and urged administrators to restrict internet access, review logs for fwbcgi requests, and investigate any suspicious activity.
- watchTowr published a tool called "FortiWeb Authentication Bypass Artifact Generator," which attempts to exploit the flaw by creating an 8-character UUID-derived username, raising dual-use concerns as attacks spread globally.
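The log-review advice above (look for requests reaching fwbcgi through the admin API path) can be turned into a simple triage script. This is an added example, not code from any of the cited researchers or vendors; the access-log lines are constructed for the demonstration and the log format is assumed to be a common-log-style web access log.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real telemetry). Line 2 uses the
# traversal path quoted in the reporting; line 3 is the same request with the
# slashes percent-encoded; line 4 touches fwbcgi directly without traversal.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Oct/2025:12:00:01 +0000] "GET /api/v2.0/cmdb/system/status HTTP/1.1" 200 512
203.0.113.7 - - [06/Oct/2025:12:00:09 +0000] "POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 87
203.0.113.7 - - [06/Oct/2025:12:00:10 +0000] "POST /api/v2.0/cmdb/system/admin%3F/..%2F..%2F..%2Fcgi-bin/fwbcgi HTTP/1.1" 200 87
10.0.0.8 - - [06/Oct/2025:12:01:00 +0000] "GET /cgi-bin/fwbcgi HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(path, max_passes=3):
    """URL-decode repeatedly (bounded) so doubly-encoded '..' and '/' become visible."""
    for _ in range(max_passes):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(line):
    """Return a finding dict for a suspicious fwbcgi request, or None for benign lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize(m.group("path"))
    lowered = path.lower()
    hits_fwbcgi = "/cgi-bin/fwbcgi" in lowered
    traversal = "../" in path or "..\\" in path
    via_admin_api = lowered.startswith("/api/v2.0/cmdb/system/admin")
    if hits_fwbcgi and traversal and via_admin_api:
        severity = "high"      # the exact pattern seen in the wild
    elif hits_fwbcgi and traversal:
        severity = "medium"    # traversal into fwbcgi from some other prefix
    elif hits_fwbcgi:
        severity = "low"       # direct hit, worth a look but may be legitimate
    else:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "method": m.group("method"),
            "status": m.group("status"), "severity": severity, "path": path}

def scan(log_text):
    """Scan a whole log and return the findings in file order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"], f["ip"], f["method"], f["status"], f["path"])
```

Findings rated high should be correlated with admin-account creation events on the appliance around the same timestamps; the script only flags the request pattern, it does not confirm compromise.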
13 Articles
CVE-2025-64446: Critical Fortinet FortiWeb Path Traversal Vulnerability Exploited to Create Administrative Accounts
On November 13, 2025, open source reporting began detailing active exploitation of a silently patched Fortinet FortiWeb vulnerability. The flaw is a path traversal issue in the FortiWeb web application firewall (WAF) tha…
Fortinet FortiWeb Auth Bypass (CVE-2025-64446)
A critical authentication bypass vulnerability in Fortinet FortiWeb allows an unauthenticated attacker to add new administrative users on vulnerable appliances. The vulnerability was previously unknown but actively exploited as early as October, and Fortinet released a security advisory for it on November 14, 2025. It was added to the CISA KEV catalog the same day.
CVE-2025-64446 FortiWeb Zero-Day Exploited
Fortinet has released an advisory for a recently disclosed zero-day path traversal vulnerability that has been exploited in the wild. Organizations are urged to patch immediately. Background: On October 6, Defused published an X post regarding an unknown exploit targeting Fortinet devices. Shortly after, several cybersecurity organizations began investigating and confirmed that a new exploit appeared to have been silently fixed in some releases …
CISA Adds One Known Exploited Vulnerability to Catalog
chayes, Nov 14, 2025. Release Date: November 14, 2025. Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-64446, Fortinet FortiWeb Path Traversal Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. …
Coverage Details
Bias Distribution
- 100% of the sources are Center