Crn
Fortinet FortiWeb CVE-2025-64446 Exploited for Admin Takeover
First seen 16 Dec 2025, 15:57 UTC
•

•64% similarity
•46.7
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A critical path-traversal vulnerability (CVE-2025-64446) in Fortinet's FortiWeb web application firewall has been exploited by threat actors since early October 2025. This flaw allows unauthenticated attackers to create rogue administrator accounts, providing full control over affected devices. The vulnerability was detailed by researchers at watchTowr Labs on November 13, 2025.
ThreatCluster AI