CVE-2025-64446
unknown
KEV
CVSS v3
—
CVSS v2
—
VIR risk
1.5
Description
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CISA KEV
- Vendor
- Fortinet
- Product
- FortiWeb
- Due date
- 2025-11-21
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://www.fortiguard.com/psirt/FG-IR-25-910 ; https://nvd.nist.gov/vuln/detail/CVE-2025-64446
Exploits
References
Verify integrity in audit chain (admin only). AS-IS.