CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall.
This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated malicious actor to execute administrative commands on a system via specially crafted HTTP or HTTPS requests.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump
March 20, 2017
Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...

