Fortinet has reported a critical vulnerability in its FortiWeb web application firewall, identified as CVE-2025-64446. This flaw is categorized as a relative path traversal issue, allowing unauthorized users to execute administrative commands through crafted HTTP or HTTPS requests. The CVSS v3.1 base score for the vulnerability is 9.1, highlighting its critical nature. Multiple FortiWeb versions are impacted, necessitating upgrades to the latest patched versions to mitigate the risks.
Fortinet recommends disabling HTTP or HTTPS access to limit exposure until systems can be patched. Organizations must review configurations and logs post-upgrade for signs of compromise, such as unauthorized administrator account additions. This incident underlines the ongoing vulnerabilities that security appliances face, which can serve as entry points for attackers. Given that no user interaction is required to exploit this flaw, patching is critical for safeguarding network security.
👉 Pročitaj original: Cyber Security News
