[Security Vulnerability Alert] Fortinet's FortiWeb has a critical cybersecurity vulnerability (CVE-2025-64446).

 
2025/11/18 ~ 2026/5/18
View Count:18

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202511-00000013

[Content Description]
Fortinet's FortiWeb is a firewall product providing web applications, with features including anomaly detection, API protection, bot mitigation, and advanced threat analysis.

Recently, Fortinet released a critical cybersecurity vulnerability announcement (CVE-2025-64446, CVSS: 9.8). This vulnerability is a relative path traversal vulnerability, which could allow unauthenticated attackers to execute administrative commands on the system through carefully crafted HTTP or HTTPS requests.

Note: Fortinet has observed attackers exploiting this vulnerability and recommends taking immediate temporary mitigation measures to prevent potential attacks exploiting this vulnerability.

[Affected Platforms]
FortiWeb versions 7.0.0 to 7.0.11
FortiWeb versions 7.2.0 to 7.2.11
FortiWeb versions 7.4.0 to 7.4.9
FortiWeb versions 7.6.0 to 7.6.4
FortiWeb versions 8.0.0 to 8.0.1

[Recommended Actions]
Please update to the following versions: FortiWeb 7.0.12, FortiWeb 7.2.12, FortiWeb 7.4.10, FortiWeb 7.6.5, FortiWeb 8.0.2

[References]
1. https://www.twcert.org.tw/tw/cp-169-10514-20142-1.html

Files
system_update_alt參考資料
【Back】
Top↑