CVE-2025-64446: 
Fortinet FortiWeb Schwachstellenanalyse und -minderung

A relative path traversal vulnerability (CVE-2025-64446) was discovered in Fortinet FortiWeb web application firewall affecting multiple versions including FortiWeb 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. The vulnerability was disclosed on November 14, 2025, and has been observed being actively exploited in the wild (Fortinet PSIRT, CISA Alert).

The vulnerability consists of two main components: a path traversal vulnerability and an authentication bypass. The flaw allows an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. The technical exploitation involves sending specially crafted requests to /api/v2.0/cmdb/system/admin with path traversal elements that can bypass authentication mechanisms. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) and is classified as CWE-23: Relative Path Traversal (WatchTowr Labs, Fortinet PSIRT).

The successful exploitation of this vulnerability allows attackers to execute administrative commands on the affected system, potentially leading to complete system compromise. Attackers can create unauthorized administrative accounts, gaining persistent access to the vulnerable appliance and potentially using it as a stepping stone for further network intrusion (Arctic Wolf, CISA Alert).

Fortinet has released patches for all affected versions and strongly recommends upgrading to the following versions: FortiWeb 8.0.2 or above, 7.6.5 or above, 7.4.10 or above, 7.2.12 or above, and 7.0.12 or above. As a temporary workaround, organizations should disable HTTP or HTTPS for internet-facing interfaces until patches can be applied. After upgrading, administrators should review their configuration and logs for unexpected modifications or unauthorized administrator accounts (Fortinet PSIRT).