FortiWeb path confusion zero-day (CVE-2025-64446)

Vulnerability
Happening score: 53
2 unique sources, 2 articles

Summary

FortiWeb, Fortinet's web application firewall, was hit by an actively exploited zero-day that lets an unauthenticated attacker execute administrative commands on Internet-exposed, unpatched appliances. The flaw, tracked as CVE-2025-64446, is a path confusion bug (a relative path traversal) in the management GUI: it is triggered with crafted HTTP or HTTPS requests and has been used in the wild to create new administrator accounts and take control of the device. Fortinet had already fixed it in FortiWeb 8.0.2 without disclosing it, so upgrading to a fixed build is the key defense. Because exploitation predates the public advisory, administrators should also audit exposed appliances for administrator accounts they did not create and keep the management interface off the Internet.

Related Happenings

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Fortinet FortiCloud SSO mitigation guidance

Advisory/Mitigation
First: 28.01.2026 01:19 Last: 28.01.2026 01:19 Sources 1

About this happening: **Fortinet** advised customers to **restrict administrative access** and **disable FortiCloud SSO** to reduce abuse of an **actively exploited** authentication bypass affecting de...

Fortinet CVE-2025-59718 mitigation guidance

Advisory/Mitigation
First: 23.01.2026 12:39 Last: 23.01.2026 12:39 Sources 1

About this happening: **Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...

FortiGate SSL VPN active 2FA bypass (CVE-2020-12812)

Vulnerability
First: 02.01.2026 18:01 Last: 02.01.2026 18:01 Sources 1

About this happening: **Fortinet** says **CVE-2020-12812** is still being **actively exploited**, leaving **over 10,000 Fortinet firewalls** exposed to a **2FA bypass** risk. The weakness affects **For...

Timeline

  1. 14.11.2025 19:00 · 2 articles

    Defused identifies active FortiWeb exploitation

    Exploitation Observed

    Defused identified attacks against Internet-exposed FortiWeb devices on October 6, 2025, and published proof-of-concept details of what was then an unidentified Fortinet exploit: HTTP POST requests to a FortiWeb endpoint that created local administrator-level accounts on the appliance.

  2. 14.11.2025 19:00 · 2 articles

    watchTowr Labs demos a FortiWeb exploit tool

    Technical Analysis Update

    watchTowr Labs researchers demonstrated a working exploit on Thursday, 2025-11-13, and released the FortiWeb Authentication Bypass Artifact Generator, a tool that helps defenders identify FortiWeb devices that are still vulnerable.

  3. 14.11.2025 19:00 · 3 articles

    Fortinet confirms active FortiWeb exploitation and silent patch

    Initial Disclosure

    Fortinet confirmed that its FortiWeb web application firewall is being actively exploited in the wild through CVE-2025-64446, a path confusion vulnerability in the GUI component that lets unauthenticated attackers execute administrative commands on unpatched systems via crafted HTTP or HTTPS requests. Fortinet also said the zero-day had been silently patched in FortiWeb 8.0.2. Affected customers need to move to a fixed build on their release line: 8.0.2 or later on the 8.0 line, or 7.6.5, 7.4.10, 7.2.12, or 7.0.12 on the older 7.6, 7.4, 7.2 and 7.0 lines respectively.

  4. 14.11.2025 19:00 · 1 article

    CISA adds CVE-2025-64446 to the actively exploited catalog

    Legal Policy Action Update

    CISA added CVE-2025-64446 to its Known Exploited Vulnerabilities catalog on Friday, 14 November 2025, and ordered U.S. federal agencies to patch their systems by November 21, 2025.
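The upgrade targets Fortinet listed (8.0.2, 7.6.5, 7.4.10, 7.2.12 and 7.0.12), turned into a check that can be run against a device inventory. This is an added example for this page, not code from Fortinet, Defused, watchTowr or either source article. It assumes that on each listed release line every build below the fixed build is affected, treats release lines the page does not list (for example 6.x) as unknown rather than safe, and runs over a constructed inventory with made-up hostnames and version strings.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Fixed builds per FortiWeb release line, as listed by Fortinet for
# CVE-2025-64446. Lines absent from this table are reported as unknown,
# never as safe (assumption for this example).
FIXED_BUILDS = {
    (8, 0): (8, 0, 2),
    (7, 6): (7, 6, 5),
    (7, 4): (7, 4, 10),
    (7, 2): (7, 2, 12),
    (7, 0): (7, 0, 12),
}

# Accepts "7.4.9", "v7.4.9", "7.4.9,build1234" or a bare "7.4" (patch -> 0).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


class Finding(NamedTuple):
    host: str
    version: str
    status: str                 # fixed | vulnerable | unknown-line | unparseable
    upgrade_to: Optional[str]   # target build when status == "vulnerable"


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None when the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def assess(host: str, version_text: str) -> Finding:
    """Classify one appliance against the fixed-build table."""
    parsed = parse_version(version_text)
    if parsed is None:
        return Finding(host, version_text, "unparseable", None)
    fixed = FIXED_BUILDS.get(parsed[:2])
    if fixed is None:
        # A release line Fortinet did not list: needs a human decision, not a pass.
        return Finding(host, version_text, "unknown-line", None)
    if parsed >= fixed:
        return Finding(host, version_text, "fixed", None)
    return Finding(host, version_text, "vulnerable", ".".join(map(str, fixed)))


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("waf-dmz-01", "8.0.1"),
    ("waf-dmz-02", "v8.0.2"),
    ("waf-core-01", "7.4.9,build1234"),
    ("waf-core-02", "7.4.10"),
    ("waf-lab-01", "6.4.3"),
    ("waf-lab-02", "unknown"),
]


def triage(inventory: List[Tuple[str, str]]) -> List[Finding]:
    """Return only the devices that need action, vulnerable ones first.

    sorted() is stable, so devices keep inventory order within each status.
    """
    findings = [assess(host, version) for host, version in inventory]
    order = {"vulnerable": 0, "unknown-line": 1, "unparseable": 2}
    return sorted(
        (f for f in findings if f.status != "fixed"),
        key=lambda f: order[f.status],
    )


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:12} {f.version:18} {f.status:13} {f.upgrade_to or ''}")
```

Run as a script it prints the four devices needing attention from the sample list; in practice feed it the version column of your asset inventory. The two statuses that are not "vulnerable" matter as much as the one that is: an unparseable version usually means a device nobody is maintaining, and an unlisted release line should be escalated rather than assumed unaffected.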