Find notable cyber news and cases, enriched with sources, timelines, and signals.

Fortinet FortiWeb CVE-2025-64446 patch release

Security Patch Release
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

Fortinet's late-October fix for FortiWeb CVE-2025-64446 matters because the flaw was already used in zero-day attacks and later landed in CISA's actively exploited catalog. The patch addressed an OS command injection issue in FortiWeb that could let an authenticated attacker execute unauthorized code. CISA then pushed federal agencies to complete remediation by November 21, 2025.

Related Happenings

CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server

Public Sector Action
H score35 First: 26.06.2026 22:43 Last: 26.06.2026 22:43 Sources 1

About this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...

CISA BOD 26-04 three-day remediation directive

Public Sector Action
H score36 First: 24.06.2026 17:35 Last: 24.06.2026 17:35 Sources 1

About this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...

CISA warning on FortiBleed for FortiGate customers

Public Sector Action
H score89 First: 19.06.2026 17:00 Last: 19.06.2026 17:00 Sources 1

About this happening: **CISA** warned **Fortinet** customers with **FortiGate appliances** to secure exposed systems against ongoing malicious activity tied to **FortiBleed**. The activity had reached...

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

CISA BOD 26-04 remediation requirements

Advisory/Mitigation
H score31 First: 11.06.2026 15:46 Last: 11.06.2026 15:46 Sources 1

About this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...

Timeline

  1. 19.11.2025 15:44 2 articles · 7mo ago

    Fortinet FortiWeb CVE-2025-64446 patch release

    Initial Disclosure

    Fortinet quietly patched **CVE-2025-64446** in **FortiWeb** in **late October 2025** after the flaw was used in **zero-day attacks**. The release gained urgency when CISA later classified the issue as actively exploited and set a federal patch deadline.

    Show sources