PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A proof-of-concept (PoC) exploit tool for CVE-2025-64446<\/a> has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that has already been observed in real-world attacks, allowing unauthorized access to sensitive CGI endpoints.<\/p>\n Security researchers warn that the tool\u2019s availability could accelerate exploitation attempts against unpatched systems worldwide.\u200b<\/p>\n CVE-2025-64446 targets FortiWeb\u2019s web application firewall (WAF) component, enabling attackers to bypass access controls and manipulate user accounts through directory traversal techniques.<\/p>\n Discovered earlier this year, the flaw stems from improper input validation in the CGI handling mechanism, permitting remote code execution in certain configurations.<\/p>\n According to Fortinet\u2019s advisory, affected versions range from 6.3.0 to 7.4.6, with exploitation in the wild reported as early as October 2025 by threat intelligence firms monitoring dark web forums and incident response logs.<\/p>\n The vulnerability\u2019s severity is rated CVSS 9.8, indicating its potential to have a widespread impact on enterprises that rely on FortiWeb for web traffic protection.<\/p>\n The PoC, developed by<\/a> GitHub user sxyrxyy and shared under the repository \u201cCVE-2025-64446-FortiWeb-CGI-Bypass-PoC,\u201d provides a straightforward Python-based script for testing and exploiting the flaw.<\/p>\n Designed for authorized security testing, the tool requires minimal setup: users simply install dependencies via \u201cpip install -r requirements.txt\u201d before running the exploit script.<\/p>\n For vulnerability verification, the command \u201cpython3 exploit.py -t <target_ip> \u2013check\u201d probes the target without causing harm, confirming if the system is susceptible to traversal attacks.<\/p>\n In exploit mode, \u201cpython3 exploit.py -t <target_ip> \u2013exploit\u201d leverages the CGI endpoint to create or modify administrative user accounts, defaulting to a username \u201csxy\u201d and password \u201csxyrxyadmin1!\u201d.\u200b<\/p>\n Advanced options enhance the tool\u2019s flexibility for penetration testers<\/a>. Custom parameters allow specifying usernames, passwords, profile names (default: prof_admin), VDOM instances (default: root), and login names (default: admin).<\/p>\n For batch operations, the script supports loading multiple targets from a file like targets.txt, enabling scans across IP ranges such as 192.168.1.100 to 192.168.1.102.<\/p>\n Port customization defaults to 443 for HTTPS, but the \u201c\u2013http\u201d flag switches to unencrypted traffic, and the \u201c\u2013testpoint-name\u201d option sets a default user creation name of \u201cTestpoint\u201d.\u200b<\/p>\n Experts emphasize the tool\u2019s dual-edged nature: while invaluable for defensive assessments, its public release amplifies threats to outdated FortiWeb deployments in sectors like finance and healthcare.<\/p>\n Fortinet urges immediate patching to version 7.4.7 or later, alongside network segmentation to mitigate lateral movement risks. The repository\u2019s disclaimer stresses use only on owned or permitted systems, aligning with responsible disclosure norms.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n