Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability
Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog. The post Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability appeared first on SecurityWeek.
Fortinet on Friday warned of an exploited FortiWeb vulnerability that allows remote, unauthenticated attackers to gain administrative access to the web application firewall appliances.
Tracked as CVE-2025-64446 (CVSS score of 9.1), the bug is described as a relative path traversal issue that can be exploited via crafted HTTP or HTTPS requests to execute administrative commands on the system.
“Fortinet has observed this to be exploited in the wild,” the company noted in its advisory, without providing additional details on the attack(s).
