Find notable cyber news and cases, enriched with sources, timelines, and signals.

FortiWeb path confusion zero-day (CVE-2025-64446)

Vulnerability
First reported
Last updated
Happening score
H score 43
2 unique sources, 2 articles

Summary

Hide ▲

FortiWeb systems faced an actively exploited zero-day that lets unauthenticated attackers execute administrative commands on Internet-exposed unpatched devices. The flaw, tracked as CVE-2025-64446, raises immediate risk of admin account creation and unauthorized control through crafted HTTP or HTTPS requests. Fortinet said it has silently patched the issue, making version upgrades the key defense.

Related Happenings

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score49 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
H score38 First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
H score53 First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Fortinet FortiCloud SSO mitigation guidance

Advisory/Mitigation
H score51 First: 28.01.2026 01:19 Last: 28.01.2026 01:19 Sources 1

About this happening: **Fortinet** advised customers to **restrict administrative access** and **disable FortiCloud SSO** to reduce abuse of an **actively exploited** authentication bypass affecting de...

Timeline

  1. 14.11.2025 19:00 2 articles · 7mo ago

    Defused identifies active FortiWeb exploitation

    Exploitation Observed

    Defused identified attacks against Internet-exposed FortiWeb devices on October 6, 2025, and published proof-of-concept details showing an unknown Fortinet exploit being used to send HTTP POST requests to a FortiWeb endpoint in order to create local admin-level accounts.

    Show sources
  2. 14.11.2025 19:00 2 articles · 7mo ago

    watchTowr Labs demos a FortiWeb exploit tool

    Technical Analysis Update

    watchTowr Labs security researchers demoed an exploit on Thursday, 2025-11-13, and released the FortiWeb Authentication Bypass Artifact Generator to help defenders identify vulnerable FortiWeb devices.

    Show sources
  3. 14.11.2025 19:00 3 articles · 7mo ago

    Fortinet confirms active FortiWeb exploitation and silent patch

    Initial Disclosure

    Fortinet said its FortiWeb web application firewall is being actively exploited in the wild under CVE-2025-64446, a path confusion vulnerability in the GUI component that lets unauthenticated attackers execute administrative commands on unpatched systems through crafted HTTP or HTTPS requests. Fortinet also said the zero-day was silently patched in FortiWeb 8.0.2, with affected customers needing to upgrade to FortiWeb 8.0.2 or later, including 7.6.5, 7.4.10, 7.2.12, and 7.0.12 for older release lines.

    Show sources
  4. 14.11.2025 19:00 1 articles · 7mo ago

    CISA adds CVE-2025-64446 to the actively exploited catalog

    Legal Policy Action Update

    CISA added CVE-2025-64446 to its catalog of actively exploited vulnerabilities on Friday and ordered U.S. federal agencies to patch their systems by November 21, 2025.

    Show sources
  5. 14.11.2025 19:00 2 articles · 7mo ago

    Defused identifies active FortiWeb exploitation

    Exploitation Observed

    Defused identified attacks against Internet-exposed FortiWeb devices on October 6, 2025, and published proof-of-concept details showing an unknown Fortinet exploit being used to send HTTP POST requests to a FortiWeb endpoint in order to create local admin-level accounts.

    Show sources
  6. 14.11.2025 19:00 2 articles · 7mo ago

    watchTowr Labs demos a FortiWeb exploit tool

    Technical Analysis Update

    watchTowr Labs security researchers demoed an exploit on Thursday, 2025-11-13, and released the FortiWeb Authentication Bypass Artifact Generator to help defenders identify vulnerable FortiWeb devices.

    Show sources
  7. 14.11.2025 19:00 3 articles · 7mo ago

    Fortinet confirms active FortiWeb exploitation and silent patch

    Initial Disclosure

    Fortinet said its FortiWeb web application firewall is being actively exploited in the wild under CVE-2025-64446, a path confusion vulnerability in the GUI component that lets unauthenticated attackers execute administrative commands on unpatched systems through crafted HTTP or HTTPS requests. Fortinet also said the zero-day was silently patched in FortiWeb 8.0.2, with affected customers needing to upgrade to FortiWeb 8.0.2 or later, including 7.6.5, 7.4.10, 7.2.12, and 7.0.12 for older release lines.

    Show sources