#fortiweb

Information security
from The Register
17 hours ago

Fortinet finally cops to critical bug under active exploit

Critical FortiWeb path traversal (CVE-2025-64446) allows unauthenticated attackers full administrative takeover and was exploited in the wild before a public advisory and CVE assignment.
from Techzine Global
1 day ago

FortiWeb vulnerability actively exploited to create admin accounts

A vulnerability in Fortinet FortiWeb is being actively exploited worldwide to create new administrator accounts without authentication on devices that are directly accessible from the internet. This involves a path traversal that makes it possible to call an internal CGI script via the management path. Researchers have observed attackers scanning large numbers of devices and bombarding them with automated requests, immediately affecting any system with an open management interface.
Information security