Unrated severityCISA KEVNVD Advisory· Published Nov 14, 2025· Updated Feb 26, 2026

CVE-2025-64446

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Affected products

Fortinet/Fortiwebv5
cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*
Range: 8.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-910mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.074
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000