Fortinet FortiWeb CVE-2025-64446 patch release

Security Patch Release
H score 46
1 unique source, 1 article

Summary

Fortinet's late-October fix for FortiWeb CVE-2025-64446 matters because the flaw was already used in zero-day attacks and later landed in CISA's actively exploited catalog. The patch addressed an OS command injection issue in FortiWeb that could let an authenticated attacker execute unauthorized code. CISA then pushed federal agencies to complete remediation by November 21, 2025.

Related Happenings

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...

CISA KEV listing and FCEB patch order for CVE-2026-35616

Public Sector Action
First: 06.04.2026 19:02 Last: 06.04.2026 19:02 Sources 1

About this happening: **CISA** added **CVE-2026-35616** to the **KEV Catalog** and ordered **FCEB agencies** to patch **FortiClient EMS** by **Thursday midnight, April 9**. The mandate matters because...

Timeline

  1. 19.11.2025 15:44 2 articles · 6mo ago

    Fortinet FortiWeb CVE-2025-64446 patch release

    Initial Disclosure

    Fortinet quietly patched **CVE-2025-64446** in **FortiWeb** in **late October 2025** after the flaw was used in **zero-day attacks**. The release gained urgency when CISA later classified the issue as actively exploited and set a federal patch deadline.
