CISA issued an alert for CVE-2025-64446, a path traversal vulnerability in Fortinet’s FortiWeb Web Application Firewall (WAF), allowing unauthenticated attackers to execute admin commands. This has been exploited in the wild since its inclusion in the Known Exploited Vulnerabilities catalog on November 14, 2025. Federal agencies have a deadline of November 21 to implement mitigations or cease usage of affected systems.
The flaw affects multiple FortiWeb versions, with potential outcomes including system compromise and data exfiltration. Experts emphasize the need for immediate patching to versions 7.4.8 or 7.6.6. Organizations are advised to monitor for signs of unauthorized access and are warned about the implications if left unpatched, such as lateral movement by attackers. The ongoing exploitation of this vulnerability highlights considerable risks associated with network security appliances, urging affected users to act quickly to prevent broader attack chains.
👉 Pročitaj original: Cyber Security News
