A critical vulnerability in Fortinet’s FortiWeb Web Application Firewall (CVE-2025-64446) is currently being actively exploited. The flaw allows unauthenticated attackers to run administrative commands and create unauthorized administrator accounts on vulnerable devices.

Affected Systems:

The affected systems and versions are:

• FortiWeb versions: 8.0.0 to 8.0.1, 7.6.0 to 7.6.4, 7.4.0 to 7.4.9, 7.2.0 to 7.2.11, and 7.0.0 to 7.0.11.

Security Risks

Exploitation of this vulnerability can give attackers full administrative access, enabling them to alter configurations, create rogue accounts and potentially compromise sensitive data or connected systems.

For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

• Follow Fortinet Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

  The released software versions for upgrade are:

• FortiWeb versions: Upgrade to 8.0.2 or above, 7.6.5 or above, 7.4.10 or above, 7.2.12 or above, 7.0.12 or above.

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

• https://fortiguard.fortinet.com/psirt/FG-IR-25-910

• https://www.fortiguard.com/psirt

• Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability

• Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products