+39 055 361018
Contacts

+39 055 361018
Contacts

Critical vulnerability identified in Fortinet

Fortinet logo on a smartphone in front of a defense shield as a symbolic image for antivirus software, anti spam, scam, malware

Fortinet has recently released security updates to address a zero-day vulnerability affecting FortiWeb OS, which has been actively exploited on the network.

Specifically, the vulnerability, tracked as CVE-2025-64446 with a severity rating of “critical”, with a CVSS v3.x score of 9.1 – is a ‘Path Traversal’ type vulnerability caused by incomplete input validation, and could allow malicious users to create privileged users via specially crafted HTTP POST requests to the endpoint URL /api/v2.0/cmdb/system/admin%3F/../../../../.. /cgi-bin/fwbcgi.

Affected products and/or versions

Fortinet FortiWeb OS

  • versions 8.0.0 to 8.0.1
  • versions 7.6.0 to 7.6.4
  • versions 7.4.0 to 7.4.9
  • versions 7.2.0 to 7.2.11
  • versions 7.0.0 to 7.0.11

Read the full article on ACN

Create your account