CVE 9.1 CRITICAL

CVE-2025-64446_CVE-2025-64446

November 14, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

AI Analysis

Relative path traversal vulnerability allowing administrative command execution

Basic Information

ID CVE-2025-64446

Source fortinet

Published Nov 14, 2025 at 15:50

Modified Nov 14, 2025 at 18:12

Affected Product

Vendor Fortinet

Product FortiWeb

Version 8.0.0

Affected Versions Fortinet FortiWeb 8.0.0
Fortinet FortiWeb 7.6.0
Fortinet FortiWeb 7.4.0
Fortinet FortiWeb 7.2.0
Fortinet FortiWeb 7.0.0

CWE Classification

CWE-23

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Fortinet

Product FortiWeb

Version 8.0.0, 7.6.0, 7.4.0, 7.2.0, 7.0.0

References

fortiguard.fortinet.com /psirt/FG-IR-25-910

{
    "lastseen": "",
    "description": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.",
    "published": "2025-11-14T15:50:52.778Z",
    "modified": "2025-11-14T18:12:26.925Z",
    "type": "cve",
    "title": "CVE-2025-64446",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-910",
    "id": "CVE-2025-64446",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiWeb 8.0.0\nFortinet FortiWeb 7.6.0\nFortinet FortiWeb 7.4.0\nFortinet FortiWeb 7.2.0\nFortinet FortiWeb 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiWeb",
    "version": "8.0.0",
    "vendor": "Fortinet",
    "ai_description": "Relative path traversal vulnerability allowing administrative command execution",
    "ai_severity": "Critical",
    "ai_vendor": "Fortinet",
    "ai_product": "FortiWeb",
    "ai_version": "8.0.0, 7.6.0, 7.4.0, 7.2.0, 7.0.0",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply