A critical zero-day vulnerability, CVE-2025-64446, has been discovered in Fortinet FortiWeb, a web application firewall. This path-traversal flaw is being actively exploited to create unauthorized administrator accounts on affected devices; an unauthenticated attacker can obtain full administrator access. Exploitation has been ongoing since early October 2025, although Fortinet has not yet officially acknowledged the flaw or published a formal advisory. The vulnerability affects FortiWeb versions 8.0.1 and earlier; a fix is available in version 8.0.2, which blocks the exploitation attempts. Activity has been observed globally, with automated attacks creating admin accounts using specific names and passwords. Until Fortinet releases an advisory, organizations are urged to rely on community intelligence and manage their exposure proactively.
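The two checks a defender can act on from this report are the version bound (8.0.1 and earlier affected, 8.0.2 fixed) and the symptom (administrator accounts nobody provisioned). The script below is an added example, not Fortinet's code or tooling, that triages a device inventory on both points. The inventory records, the admin allowlist and the account names in it are constructed sample data; the page names no attacker-created accounts, so none are encoded here.

```python
"""
Exposure triage for the FortiWeb path-traversal issue described above.
Added example: not Fortinet's code or tooling. It assumes only what the
report states: builds 8.0.1 and earlier are affected, 8.0.2 fixes it, and
attackers add unexpected administrator accounts. The inventory, the admin
allowlist and the account names below are constructed sample data.
"""
from typing import Iterable, List, Tuple

PATCHED_VERSION = (8, 0, 2)  # first fixed release, per the report


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '8.0.1', 'v8.0.1' or '8.0.1 build 0123' into a comparable tuple.

    Tuple comparison avoids the classic string-compare trap where
    '8.0.10' would sort before '8.0.2'.
    """
    core = version.strip().lstrip("vV").split()[0]
    nums = []
    for part in core.split("."):
        digits = "".join(ch for ch in part if ch.isdigit())
        if not digits:
            raise ValueError(f"unparseable version component {part!r} in {version!r}")
        nums.append(int(digits))
    while len(nums) < 3:          # '8.0' is treated as 8.0.0
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def is_affected(version: str) -> bool:
    """True when the build predates the fixed release (8.0.1 and earlier)."""
    return parse_version(version) < PATCHED_VERSION


def unexpected_admins(admins: Iterable[str], allowlist: Iterable[str]) -> List[str]:
    """Admin accounts present on the device that the owner never provisioned."""
    allowed = {name.lower() for name in allowlist}
    return sorted(name for name in admins if name.lower() not in allowed)


def triage(inventory, allowlist) -> List[Tuple[str, List[str]]]:
    """Return (hostname, reasons) for every device that needs attention.

    A device is flagged if it runs an unpatched build, if it carries an
    admin account outside the allowlist, or both.
    """
    findings = []
    for host in inventory:
        reasons = []
        if is_affected(host["version"]):
            reasons.append(f"unpatched build {host['version']} (fix is 8.0.2)")
        rogue = unexpected_admins(host["admins"], allowlist)
        if rogue:
            reasons.append("unexpected admin accounts: " + ", ".join(rogue))
        if reasons:
            findings.append((host["name"], reasons))
    return findings


# Constructed sample data (hostnames, versions and account names are made up).
SAMPLE_ALLOWLIST = ["admin", "secops"]
SAMPLE_INVENTORY = [
    {"name": "waf-edge-01", "version": "8.0.1", "admins": ["admin", "secops", "svc_tmp"]},
    {"name": "waf-edge-02", "version": "8.0.2", "admins": ["admin", "secops"]},
    {"name": "waf-lab-03", "version": "8.0.10 build 0200", "admins": ["admin", "backup_user"]},
]

if __name__ == "__main__":
    for hostname, reasons in triage(SAMPLE_INVENTORY, SAMPLE_ALLOWLIST):
        print(hostname)
        for reason in reasons:
            print("  -", reason)
```

Run against real data, the inventory would come from whatever asset system holds FortiWeb version and administrator lists; the allowlist must be the set of accounts the team knowingly created, since any account outside it is exactly the artefact the report describes.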

