What is CVE-2025-64446?

CVE-2025-64446 is a critical relative path traversal vulnerability affecting Fortinet FortiWeb versions 8.0.0 to 8.0.1, and earlier versions. Attackers may execute administrative commands remotely, necessitating immediate action from organizations.

What is the severity of CVE-2025-64446?

CVE-2025-64446 has a severity rating of CRITICAL with a CVSS base score of 9.8.

Is CVE-2025-64446 in CISA KEV?

Yes. CVE-2025-64446 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2025-64446 | Critical Vulnerability in Fortinet FortiWeb

CVE-2025-64446 is classified as a critical relative path traversal vulnerability affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, as well as multiple earlier versions. The CVSS score is 9.8, indicating a severe impact on confidentiality, integrity, and availability. This vulnerability allows attackers to execute administrative commands on the system through crafted HTTP or HTTPS requests, posing a significant risk to organizations.

Risk to organizations includes unauthorized administrative access, which can lead to full system compromise. Given the criticality of this vulnerability and its potential for exploitation, organizations must prioritize remediation efforts immediately.

Currently, this vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog, suggesting that active exploitation is likely. The urgency for defenders cannot be overstated, as attackers may leverage this vulnerability to gain control of affected systems.

Organizations using vulnerable versions of FortiWeb should immediately assess their exposure and apply necessary patches or mitigations to protect their systems.

Vulnerability Details

The vulnerability allows an attacker to execute administrative commands on the system, which can lead to various malicious activities. The CVE was published on November 14, 2025, and classified under CWE-23, indicating a path traversal issue.

The affected products include FortiWeb versions ranging from 7.0.0 to 8.0.1, with specific version ranges noted for each major release.

Technical Analysis

The root cause of this vulnerability stems from improper validation of user-supplied input, allowing crafted requests to manipulate file paths. The attack vector is classified as network-based, with low complexity, meaning that no special conditions are required for exploitation.

No user interaction is required, and the attacker requires no privileges to exploit this vulnerability. Successful exploitation can lead to high confidentiality, integrity, and availability impacts.

Risk & Impact Analysis

The real-world deployment risk of CVE-2025-64446 is significant, as it can lead to unauthorized access and control over the affected systems. Organizations that fail to address this vulnerability may face severe repercussions, including data breaches and operational disruptions.

The urgency assessment based on CVSS and KEV indicates that organizations should prioritize patching immediately.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The following versions of FortiWeb are affected by this vulnerability: FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11. Organizations should upgrade to patched versions as soon as possible.

Mitigation & Remediation

Organizations should apply the latest patches for FortiWeb to remediate this vulnerability. It is critical to follow vendor instructions closely and ensure systems are updated to versions that address this vulnerability. For additional security, consider implementing configuration hardening and network controls.

For more information on how to effectively manage vulnerabilities, organizations can refer to the penetration testing services offered by AppSecure.

Detection Guidance

To detect possible exploitation attempts, organizations should monitor for unusual HTTP or HTTPS requests targeting FortiWeb systems. Relevant log indicators may include unexpected administrative commands or access attempts, which should be investigated thoroughly.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-64446 highlights the importance of regular vulnerability assessments and security hygiene. Security teams must be vigilant in monitoring for similar vulnerabilities and ensuring their systems are adequately protected against exploitation.

For insights on vulnerability management, security teams may find the following resources beneficial: vulnerability management program, penetration testing methodology, and security testing best practices to strengthen defenses against potential attacks.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-64446: Critical Vulnerability in Fortinet FortiWeb