CVE-2025-64446: 
Fortinet FortiWeb vulnerability analysis and mitigation

A relative path traversal vulnerability (CVE-2025-64446) was discovered in Fortinet FortiWeb web application firewall (WAF) affecting multiple versions including FortiWeb 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. The vulnerability was disclosed on November 14, 2025, and allows an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests (Fortinet PSIRT, CISA Alert).

The vulnerability consists of two main components: a path traversal vulnerability and an authentication bypass. The path traversal allows attackers to reach the fwbcgi binary through a specially crafted URI, while the authentication bypass enables impersonation of administrative users through manipulation of the CGIINFO header. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating its severe nature (WatchTowr Labs, Fortinet PSIRT).

The vulnerability allows attackers to execute administrative commands, create unauthorized administrative accounts, and potentially gain complete control over the vulnerable FortiWeb appliance. Due to FortiWeb's integration with other Fortinet products, successful exploitation could provide access to additional systems and data (Arctic Wolf).

Fortinet has released patches for all affected versions and strongly recommends upgrading to the following versions: FortiWeb 8.0.2 or above, 7.6.5 or above, 7.4.10 or above, 7.2.12 or above, and 7.0.12 or above. As a temporary workaround, organizations should disable HTTP or HTTPS for internet-facing interfaces until the upgrade can be performed. Post-upgrade, administrators should review their configuration and logs for unexpected modifications or unauthorized administrator accounts (Fortinet PSIRT).