A proof-of-concept (PoC) exploit tool for CVE-2025-64446, a critical vulnerability in FortiWeb devices, has been made publicly available. The flaw is a severe path traversal issue that allows unauthorized access to sensitive CGI endpoints, and it has already been observed in real-world attacks. The PoC is a straightforward Python script intended to let penetration testers verify whether a system is vulnerable. Its public release raises the risk to enterprises, especially in sectors such as finance and healthcare that rely on FortiWeb for web application protection. Security experts are urging organizations to patch immediately: the vulnerability carries a CVSS score of 9.8, reflecting its severity and potential for widespread impact. With exploitation attempts expected to rise, Fortinet has outlined the required security measures, including upgrading to version 7.4.7 or later and applying network segmentation to reduce the associated operational risk.
👉 Read the original: Cyber Security News