Critical FortiWeb WAF Flaw Exploited in the Wild, Enabling Full Admin Takeover
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Fortinet has issued an urgent advisory warning of a critical vulnerability in its FortiWeb web application firewall<\/a> (WAF) product, which attackers are actively exploiting in the wild.<\/p>\n Identified as CVE-2025-64446, the flaw stems from improper access control<\/a> in the GUI component, allowing unauthenticated threat actors to execute administrative commands and potentially seize complete control of affected systems.<\/p>\n The vulnerability, classified as a relative path traversal issue (CWE-23), enables attackers to craft malicious HTTP or HTTPS requests that bypass authentication.<\/p>\n This could lead to the creation of unauthorized administrator accounts, granting full access to the device\u2019s configuration and sensitive data. Fortinet\u2019s Product Security Incident Response Team (PSIRT) confirmed active exploitation and urged immediate patching to mitigate risks.<\/p>\n With a CVSS v3.1 base score of 9.1 (AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H), the flaw earns a \u201cCritical\u201d severity rating per National Vulnerability Database (NVD) standards. It affects multiple FortiWeb versions across branches 8.0, 7.6, 7.4, 7.2, and 7.0. Specifically:<\/p>\n Users should upgrade to the latest patched versions: 8.0.2 or above, 7.6.5 or above, 7.4.10 or above, 7.2.12 or above, or 7.0.12 or above, respectively. Detailed CVRF and CSAF files are available on FortiGuard for automated integration.<\/p>\n As a temporary workaround, Fortinet recommends disabling HTTP or HTTPS access on internet-facing interfaces, aligning with best practices that limit management access to internal networks only. This reduces exposure significantly but doesn\u2019t eliminate the threat entirely.<\/p>\n Post-upgrade, organizations must audit configurations and logs for signs of compromise, such as unexpected admin account additions or modifications. Fortinet emphasized reviewing access patterns to detect any lingering unauthorized activity.<\/p>\n This incident highlights the persistent risks to network security appliances, which are prime targets for attackers seeking to pivot into broader environments.<\/p>\n As WAFs like FortiWeb protect web applications from threats, they can also introduce ironic backdoors through their own vulnerabilities. Security experts advise prioritizing patches for critical infrastructure, especially given the flaw\u2019s ease of exploitation, as no privileges or user interaction are required.<\/p>\n Fortinet\u2019s advisory<\/a>, published today, underscores the company\u2019s commitment to rapid disclosure. For more details, visit the FortiGuard PSIRT page. As exploitation continues, unpatched systems remain highly vulnerable.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Critical FortiWeb WAF Flaw Exploited in the Wild, Enabling Full Admin Takeover<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n\n