CVE-2025-64446

CVSS 9.4 Critical · EPSS 89.5% · KEV · CWE-23
In short

A relative path traversal flaw in FortiWeb lets an unauthenticated attacker reach administrative functionality and execute administrative commands on the appliance by sending crafted HTTP or HTTPS requests. It is rated critical because it hands the attacker control of the web application firewall itself, the device that is supposed to be protecting the applications behind it.

Technical detail

A relative path traversal vulnerability (CWE-23) in the affected FortiWeb versions allows an unauthenticated remote attacker to place traversal sequences in the path of an HTTP or HTTPS request so that the request is routed to administrative functionality that should be unreachable, and from there to execute administrative commands on the appliance. Affected versions are 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. The attack is network-reachable (AV:N), needs no privileges (PR:N) and no user interaction (UI:N); the vulnerability is listed in KEV, so exploitation in the wild has been confirmed, and the EPSS score of 89.5% reflects that. Any FortiWeb whose management interface is reachable from an untrusted network should be assumed targeted until it is upgraded past the affected range.
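The detection side of the paragraph above, as an added example that is not from this page and not Fortinet's own tooling: a small Python scanner over constructed, combined-log-style request lines that normalises each request path (drops the query string, percent-decodes repeatedly so double-encoded sequences such as `%252e%252e` are exposed) and flags any request whose decoded path contains a `..` segment. It matches the generic CWE-23 pattern rather than any specific CVE-2025-64446 request, so it will also surface unrelated traversal probes, which is what you want when reviewing logs from an exposed management interface. The log lines, IP addresses and helper names are the example's own.

```python
import re
from urllib.parse import unquote

# Constructed sample lines for the example (not real FortiWeb or web-server logs).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:01 +0000] "GET /api/v2.0/status HTTP/1.1" 200 512
203.0.113.11 - - [01/Jan/2025:10:00:02 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 404 0
203.0.113.12 - - [01/Jan/2025:10:00:03 +0000] "POST /api/%2e%2e/%2e%2e/admin/cmd HTTP/1.1" 403 0
203.0.113.13 - - [01/Jan/2025:10:00:04 +0000] "GET /api/%252e%252e/config?x=1 HTTP/1.1" 200 128
203.0.113.14 - - [01/Jan/2025:10:00:05 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 2048
"""

# Pull method and request-target out of the quoted request line.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def decode_path(target, rounds=3):
    """Strip the query string, then percent-decode repeatedly so that
    double-encoded sequences (%252e -> %2e -> .) are exposed.
    Stops early once another round changes nothing."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(target):
    """True if any decoded path segment is exactly '..' or starts with '..;'
    (a separator-evading form some servers tolerate). A '..' embedded in a
    filename such as 'release..notes.html' is not a traversal segment."""
    path = decode_path(target).replace("\\", "/")
    return any(seg == ".." or seg.startswith("..;") for seg in path.split("/"))


def scan_log(text):
    """Return (source_ip, method, raw_target, decoded_path) for each suspicious line."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if m and is_traversal(m.group("target")):
            src = line.split(" ", 1)[0]
            hits.append((src, m.group("method"), m.group("target"),
                         decode_path(m.group("target"))))
    return hits


if __name__ == "__main__":
    for src, method, raw, decoded in scan_log(SAMPLE_LOG):
        print(f"{src}\t{method}\t{raw}\t-> {decoded}")
```

Three of the five constructed lines are flagged: the plain `../` chain, the single-encoded `%2e%2e` chain and the double-encoded `%252e%252e`; the filename containing `..` and the ordinary API call are not. The decode loop is bounded deliberately, so a request that nests encoding deeper than three rounds is not decoded forever.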

The summary above was generated by AI from the official description.

Official description: A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
Affected products
Fortinet · FortiWeb
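An affected-version check, added here as an example and not taken from the page or from Fortinet: a Python helper that maps a FortiWeb version string onto the ranges the advisory text names and triages a constructed inventory. A version inside a listed branch but above its upper bound is reported as not affected; a branch the advisory does not mention (for example anything below 7.0) returns None instead of a verdict, because the page says nothing about it and an inventory script should not guess. The inventory, hostnames and function names are the example's own.

```python
# Affected FortiWeb ranges as stated in the advisory text: branch -> (first, last), inclusive.
AFFECTED = {
    (8, 0): ((8, 0, 0), (8, 0, 1)),
    (7, 6): ((7, 6, 0), (7, 6, 4)),
    (7, 4): ((7, 4, 0), (7, 4, 9)),
    (7, 2): ((7, 2, 0), (7, 2, 11)),
    (7, 0): ((7, 0, 0), (7, 0, 11)),
}

# Constructed inventory for the example (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("waf-1", "7.4.9"),
    ("waf-2", "7.4.10"),
    ("waf-3", "v8.0.2,build0123"),
    ("waf-4", "6.4.3"),
    ("waf-5", "unknown"),
]


def parse_version(text):
    """Turn '7.4.9', 'v7.4.9' or '8.0.1,build0123' into (7, 4, 9) / (8, 0, 1).
    Raises ValueError for anything that is not three dotted integers."""
    core = text.strip().lstrip("vV").split(",", 1)[0].split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(text):
    """True/False for branches the advisory covers; None for a branch it does not mention."""
    v = parse_version(text)
    rng = AFFECTED.get(v[:2])
    if rng is None:
        return None
    lo, hi = rng
    return lo <= v <= hi


def triage(inventory):
    """Split (hostname, version) pairs into affected, not-affected and unknown hosts.
    Unparseable strings and unlisted branches both land in 'unknown' for manual review."""
    affected, fixed, unknown = [], [], []
    for host, ver in inventory:
        try:
            verdict = is_affected(ver)
        except ValueError:
            verdict = None
        if verdict is True:
            affected.append(host)
        elif verdict is False:
            fixed.append(host)
        else:
            unknown.append(host)
    return affected, fixed, unknown


if __name__ == "__main__":
    aff, ok, unk = triage(SAMPLE_INVENTORY)
    print("affected:", aff)
    print("not affected:", ok)
    print("review manually:", unk)
```

The check says only whether a version falls in a range the advisory lists; it does not tell you whether the management interface is exposed, which is the other half of the exposure question and has to come from your network inventory.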