Fortinet FortiWeb CVE-2025-64446 Exploited for Admin Takeover

Fortinet FortiWeb CVE-2025-64446 Exploited for Admin Takeover

First seen 16 Dec 2025, 15:57 UTC CybersecuritynewsCrnWebpronews 64% similarity 46.7

Article Content

Browse articles
ThreatCluster

A critical path-traversal vulnerability (CVE-2025-64446) in Fortinet's FortiWeb web application firewall has been exploited by threat actors since early October 2025. This flaw allows unauthenticated attackers to create rogue administrator accounts, providing full control over affected devices. The vulnerability was detailed by researchers at watchTowr Labs on November 13, 2025.

ThreatCluster AI

Community

Browse all →