FortiWeb path confusion zero-day (CVE-2025-64446)
Vulnerability
Summary
Hide ▲
Show ▼
FortiWeb systems faced an actively exploited zero-day that lets unauthenticated attackers execute administrative commands on Internet-exposed unpatched devices. The flaw, tracked as CVE-2025-64446, raises immediate risk of admin account creation and unauthorized control through crafted HTTP or HTTPS requests. Fortinet said it has silently patched the issue, making version upgrades the key defense.
Related Happenings
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation Wave
H score49
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation WaveAbout this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation Wave
H score56
First: 28.05.2026 18:26
Last: 28.05.2026 18:26
Sources 1
About this happening:
**CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
H score38
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector ActionAbout this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
H score53
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
Fortinet FortiCloud SSO mitigation guidance
Advisory/Mitigation
H score51
First: 28.01.2026 01:19
Last: 28.01.2026 01:19
Sources 1
About this happening:
**Fortinet** advised customers to **restrict administrative access** and **disable FortiCloud SSO** to reduce abuse of an **actively exploited** authentication bypass affecting de...
Fortinet FortiCloud SSO mitigation guidance
Advisory/MitigationAbout this happening: **Fortinet** advised customers to **restrict administrative access** and **disable FortiCloud SSO** to reduce abuse of an **actively exploited** authentication bypass affecting de...
Timeline
-
14.11.2025 19:00 2 articles · 7mo ago
Defused identifies active FortiWeb exploitation
Exploitation ObservedDefused identified attacks against Internet-exposed FortiWeb devices on October 6, 2025, and published proof-of-concept details showing an unknown Fortinet exploit being used to send HTTP POST requests to a FortiWeb endpoint in order to create local admin-level accounts.
Show sources
- Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 14.11.2025 19:00
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17
-
14.11.2025 19:00 2 articles · 7mo ago
watchTowr Labs demos a FortiWeb exploit tool
Technical Analysis UpdatewatchTowr Labs security researchers demoed an exploit on Thursday, 2025-11-13, and released the FortiWeb Authentication Bypass Artifact Generator to help defenders identify vulnerable FortiWeb devices.
Show sources
- Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 14.11.2025 19:00
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17
-
14.11.2025 19:00 3 articles · 7mo ago
Fortinet confirms active FortiWeb exploitation and silent patch
Initial DisclosureFortinet said its FortiWeb web application firewall is being actively exploited in the wild under CVE-2025-64446, a path confusion vulnerability in the GUI component that lets unauthenticated attackers execute administrative commands on unpatched systems through crafted HTTP or HTTPS requests. Fortinet also said the zero-day was silently patched in FortiWeb 8.0.2, with affected customers needing to upgrade to FortiWeb 8.0.2 or later, including 7.6.5, 7.4.10, 7.2.12, and 7.0.12 for older release lines.
Show sources
- Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 14.11.2025 19:00
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17
-
14.11.2025 19:00 1 articles · 7mo ago
CISA adds CVE-2025-64446 to the actively exploited catalog
Legal Policy Action UpdateCISA added CVE-2025-64446 to its catalog of actively exploited vulnerabilities on Friday and ordered U.S. federal agencies to patch their systems by November 21, 2025.
Show sources
- Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 14.11.2025 19:00
-
14.11.2025 19:00 2 articles · 7mo ago
Defused identifies active FortiWeb exploitation
Exploitation ObservedDefused identified attacks against Internet-exposed FortiWeb devices on October 6, 2025, and published proof-of-concept details showing an unknown Fortinet exploit being used to send HTTP POST requests to a FortiWeb endpoint in order to create local admin-level accounts.
Show sources
- Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 14.11.2025 19:00
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17
-
14.11.2025 19:00 2 articles · 7mo ago
watchTowr Labs demos a FortiWeb exploit tool
Technical Analysis UpdatewatchTowr Labs security researchers demoed an exploit on Thursday, 2025-11-13, and released the FortiWeb Authentication Bypass Artifact Generator to help defenders identify vulnerable FortiWeb devices.
Show sources
- Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 14.11.2025 19:00
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17
-
14.11.2025 19:00 3 articles · 7mo ago
Fortinet confirms active FortiWeb exploitation and silent patch
Initial DisclosureFortinet said its FortiWeb web application firewall is being actively exploited in the wild under CVE-2025-64446, a path confusion vulnerability in the GUI component that lets unauthenticated attackers execute administrative commands on unpatched systems through crafted HTTP or HTTPS requests. Fortinet also said the zero-day was silently patched in FortiWeb 8.0.2, with affected customers needing to upgrade to FortiWeb 8.0.2 or later, including 7.6.5, 7.4.10, 7.2.12, and 7.0.12 for older release lines.
Show sources
- Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 14.11.2025 19:00
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability — www.securityweek.com — 14.11.2025 22:17