Active exploitation of vulnerability in FortiWeb Management Interface


2:56pm, 17 November 2025

TLP Rating: Clear

A path traversal vulnerability in the FortiWeb management interface is being actively exploited. It has been given a CVSS score of 9.1.

CVE-2025-64446 may allow an unauthenticated attacker to execute administrative commands on the system via specially crafted HTTP or HTTPS requests to the management interface.

An upgrade to a fixed version is required.

What's happening

Systems affected

The vulnerability affects devices running FortiWeb versions:

  • 8.0.0 through 8.0.1
  • 7.6.0 through 7.6.4
  • 7.4.0 through 7.4.9
  • 7.2.0 through 7.2.11
  • 7.0.0 through 7.0.11 

What this means

All of the listed FortiWeb versions are vulnerable.

Exploitation of this vulnerability may allow an unauthenticated attacker to execute administrative commands, including creating new admin accounts on the device. An admin account created by an attacker is not removed by the upgrade, so patching alone does not evict an attacker who has already exploited the device.

What to look for

How to tell if you're at risk

You are at risk if you are running a FortiWeb version within the ranges listed above and the management interface is reachable over HTTP or HTTPS from the internet or any other untrusted network. Because exploitation can create admin accounts, also review the administrator accounts and logs on any exposed device for accounts or logins you did not create.
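The version check above is easy to get wrong across five release branches, so the following added example (not from this alert, CERT NZ or Fortinet) compares a FortiWeb version string against the affected ranges and reports the minimum fixed release for that branch. The ranges and fixed versions are copied from this alert; the parsing logic, function names and the hostnames in the sample inventory are assumptions constructed for the example. It only tells you whether the version is affected; whether the management interface is exposed still has to be checked on the device and in your firewall rules.

```python
"""Check FortiWeb version strings against the CVE-2025-64446 affected ranges.

Added example, not code from the advisory or from Fortinet. The version
table below is copied from the alert; everything else is illustrative.
"""

# (major, minor) -> (first affected patch, last affected patch, first fixed patch)
# e.g. 8.0.0 through 8.0.1 are affected and 8.0.2 is the first fixed release.
AFFECTED = {
    (8, 0): (0, 1, 2),
    (7, 6): (0, 4, 5),
    (7, 4): (0, 9, 10),
    (7, 2): (0, 11, 12),
    (7, 0): (0, 11, 12),
}


def parse_version(text):
    """Turn '7.4.9', 'v7.4.9' or 'FortiWeb 7.4.9' into the tuple (7, 4, 9).

    Raises ValueError for anything that is not three dot-separated integers,
    so a typo in an inventory does not silently pass as 'not affected'.
    """
    cleaned = text.strip().lower().removeprefix("fortiweb").strip().lstrip("v")
    parts = cleaned.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text):
    """Return (vulnerable, first_fixed_version_or_None, human-readable message)."""
    major, minor, patch = parse_version(version_text)
    label = f"{major}.{minor}.{patch}"
    branch = AFFECTED.get((major, minor))
    if branch is None:
        # Not in the alert's list: do not assume safe, confirm with the vendor advisory.
        return False, None, f"{label}: branch not in the affected list, confirm against FG-IR-25-910"
    first, last, fixed_patch = branch
    fixed = f"{major}.{minor}.{fixed_patch}"
    if first <= patch <= last:
        return True, fixed, f"{label}: VULNERABLE, upgrade to {fixed} or later"
    return False, fixed, f"{label}: at or above fixed release {fixed}"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "waf-edge-01": "7.4.9",
    "waf-edge-02": "7.6.5",
    "waf-lab-01": "FortiWeb 8.0.0",
    "waf-old-01": "6.4.3",
    "waf-bad-entry": "7.4",
}


def report(inventory):
    """Print one line per device and return the hostnames that need upgrading."""
    needs_upgrade = []
    for host, version in inventory.items():
        try:
            vulnerable, _fixed, message = assess(version)
        except ValueError as exc:
            vulnerable, message = False, f"skipped: {exc}"
        print(f"{host}: {message}")
        if vulnerable:
            needs_upgrade.append(host)
    return needs_upgrade


if __name__ == "__main__":
    report(INVENTORY)
```

Feed the script the output of your asset inventory rather than typing versions by hand, and treat "branch not in the affected list" as a prompt to read the vendor advisory, not as a clean result.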

What to do

Prevention

To fix the vulnerability, FortiWeb installations need to be upgraded to:

  • 8.0.2 or above
  • 7.6.5 or above
  • 7.4.10 or above
  • 7.2.12 or above
  • 7.0.12 or above 

Mitigation

Until the upgrade can be performed, Fortinet recommends disabling HTTP and HTTPS access on internet-facing interfaces so the management interface is no longer reachable from the internet. This is a workaround only: the vulnerability remains until the device is upgraded, and any admin accounts already created by an attacker still need to be found and removed.

More information

Read more about this alert in the vendor advisory: Fortinet Security Advisory FG-IR-25-910.
 
If you require more information or further support, submit a report on our website:

Report an incident 
 
If you need assistance using the tool, call us on 0800 114 115. Calling us is free within New Zealand. We’re open 7am to 7pm, Monday to Friday, and we’re closed on public holidays.