{"cve_id":"CVE-2025-64446","summary":"A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.92629,"ranking_epss":0.99745,"kev":true,"propose_action":"Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.","ransomware_campaign":"Unknown","references":["https://fortiguard.fortinet.com/psirt/FG-IR-25-910","https://github.com/watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64446"],"published_time":"2025-11-14T16:15:58","cpes":["cpe:2.3:a:fortinet:fortiweb:7.0.0","cpe:2.3:a:fortinet:fortiweb:7.0.1","cpe:2.3:a:fortinet:fortiweb:7.0.10","cpe:2.3:a:fortinet:fortiweb:7.0.11","cpe:2.3:a:fortinet:fortiweb:7.0.2","cpe:2.3:a:fortinet:fortiweb:7.0.3","cpe:2.3:a:fortinet:fortiweb:7.0.4","cpe:2.3:a:fortinet:fortiweb:7.0.5","cpe:2.3:a:fortinet:fortiweb:7.0.6","cpe:2.3:a:fortinet:fortiweb:7.0.7","cpe:2.3:a:fortinet:fortiweb:7.0.8","cpe:2.3:a:fortinet:fortiweb:7.0.9","cpe:2.3:a:fortinet:fortiweb:7.2.0","cpe:2.3:a:fortinet:fortiweb:7.2.1","cpe:2.3:a:fortinet:fortiweb:7.2.10","cpe:2.3:a:fortinet:fortiweb:7.2.11","cpe:2.3:a:fortinet:fortiweb:7.2.2","cpe:2.3:a:fortinet:fortiweb:7.2.3","cpe:2.3:a:fortinet:fortiweb:7.2.4","cpe:2.3:a:fortinet:fortiweb:7.2.5","cpe:2.3:a:fortinet:fortiweb:7.2.6","cpe:2.3:a:fortinet:fortiweb:7.2.7","cpe:2.3:a:fortinet:fortiweb:7.2.8","cpe:2.3:a:fortinet:fortiweb:7.2.9","cpe:2.3:a:fortinet:fortiweb:7.4.0","cpe:2.3:a:fortinet:fortiweb:7.4.1","cpe:2.3:a:fortinet:fortiweb:7.4.2","cpe:2.3:a:fortinet:fortiweb:7.4.3","cpe:2.3:a:fortinet:fortiweb:7.4.4","cpe:2.3:a:fortinet:fortiweb:7.4.5","cpe:2.3:a:fortinet:fortiweb:7.4.6","cpe:2.3:a:fortinet:fortiweb:7.4.7","cpe:2.3:a:fortinet:fortiweb:7.4.8","cpe:2.3:a:fortinet:fortiweb:7.4.9","cpe:2.3:a:fortinet:fortiweb:7.6.0","cpe:2.3:a:fortinet:fortiweb:7.6.1","cpe:2.3:a:fortinet:fortiweb:7.6.2","cpe:2.3:a:fortinet:fortiweb:7.6.3","cpe:2.3:a:fortinet:fortiweb:7.6.4","cpe:2.3:a:fortinet:fortiweb:8.0.0","cpe:2.3:a:fortinet:fortiweb:8.0.1"]}