Search Results: FortiWeb

Fortinet has confirmed a critical zero-day vulnerability in its FortiWeb web application firewall, actively exploited to create unauthorized admin accounts on exposed devices. The flaw, tracked as CVE-2025-64446, was silently patched weeks ago, but many systems remain at risk. This incident underscores the urgency for swift updates and robust network defenses in enterprise security.

A critical path traversal vulnerability in Fortinet FortiWeb is being actively exploited in the wild, allowing unauthenticated attackers to create administrative accounts on vulnerable devices. Organizations using FortiWeb versions 8.0.1 and earlier must patch immediately and review their systems for signs of compromise.