CVE-2025-64446

Summary

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb8.0.0 <= 8.0.1affected
FortinetFortiWeb7.6.0 <= 7.6.4affected
FortinetFortiWeb7.4.0 <= 7.4.9affected
FortinetFortiWeb7.2.0 <= 7.2.11affected
FortinetFortiWeb7.0.0 <= 7.0.11affected

Weaknesses

  • CWE-23: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

References