High Threat Security Alert (A25-11-17): Vulnerability in Fortinet FortiWeb


 

Published on: 17 November 2025

Share on Facebook    Share on X   

Description:

Fortinet released security advisories to address a vulnerability in Fortinet FortiWeb. An attacker could exploit the vulnerability by sending specially crafted requests to an affected system.

Reports indicated that the remote code execution vulnerability (CVE-2025-64446) in FortiWeb is being exploited in the wild. System administrators are advised to take immediate action to upgrade your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • FortiWeb version 7.0.0 through 7.0.11, version 7.2.0 through 7.2.11, version 7.4.0 through 7.4.9, version 7.6.0 through 7.6.4, version 8.0.0 through 8.0.1

For detailed information of the affected products, please refer to the section "Affected Products" of corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerability could lead to remote code execution on an affected system.

 

Recommendation:

Patches for the affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://fortiguard.fortinet.com/psirt/FG-IR-25-910
  • https://www.hkcert.org/security-bulletin/fortinet-fortiweb-remote-code-execution-vulnerability_20251117
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64446


Tag: Fortinet , FortiWeb
Tags