Fortinet FortiWeb Remote Code Execution Vulnerability

Release Date: 17 Nov 2025

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in Fortinet FortiWeb. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2025-64446 is being exploited in the wild. This relative path traversal vulnerability in FortiWeb may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

 

---

Impact

• Remote Code Execution

---

System / Technologies affected

FortiWeb

• FortiWeb 7.0.0 through 7.0.11
• FortiWeb 7.2.0 through 7.2.11
• FortiWeb 7.4.0 through 7.4.9
• FortiWeb 7.6.0 through 7.6.4
• FortiWeb 8.0.0 through 8.0.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://fortiguard.fortinet.com/psirt/FG-IR-25-910

---

Vulnerability Identifier

• CVE-2025-64446

---

Source

• Fortinet

---

Related Link

• https://fortiguard.fortinet.com/psirt/FG-IR-25-910