Security News

Cybersecurity news aggregator

HIGH Vulnerabilities Exploit-DB

[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass

CVE-2025-64446 is a critical path traversal vulnerability in Fortinet FortiWeb that allows unauthenticated attackers to bypass authentication and gain administrative access via specially crafted HTTP/HTTPS requests, with a CVSS v3.1 score of 9.8. Affected versions include FortiWeb 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. The vulnerability is remediated by upgrading to versions 7.0.12, 7.2.12, 7.4.10, 7.6.5, or 8.0.2 respectively; if immediate patching is not possible, administrators should disable public administrative access and restrict interfaces to trusted networks.

Fortinet FortiWeb v8.0.1 - Auth Bypass
EDB-ID: 52495
CVE: 2025-64446
Author: NU11SECUR1TY
Type: WEBAPPS
Platform: MULTIPLE
Date: 2026-04-06

# Title: Fortinet FortiWeb v8.0.1 - Auth Bypass
# Author: nu11secur1ty
# Date: 11/15/2025
# Vendor: https://www.fortinet.com/
# Software: v8.0.1
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64446

## Description:
CVE-2025-64446 is a critical path traversal vulnerability affecting multiple versions of Fortinet FortiWeb, a Web Application Firewall (WAF) used to protect web applications and APIs. The vulnerability allows an unauthenticated remote attacker to send specially crafted HTTP/HTTPS requests that may result in administrative access bypass on vulnerable FortiWeb systems.
## Severity
- CVSS v3.1 Score: 9.8 (Critical)
- Attack Vector: Network
- Privileges Required: None (Unauthenticated)
- User Interaction: None
- Impact: High (Authentication bypass, configuration exposure, potential full administrative access)

## Affected Products & Versions
The following FortiWeb versions are confirmed vulnerable:

| Product | Affected Versions |
|---------|-------------------|
| FortiWeb 8.0.x | 8.0.0 – 8.0.1 |
| FortiWeb 7.6.x | 7.6.0 – 7.6.4 |
| FortiWeb 7.4.x | 7.4.0 – 7.4.9 |
| FortiWeb 7.2.x | 7.2.0 – 7.2.11 |
| FortiWeb 7.0.x | 7.0.0 – 7.0.11 |

## Fixed Versions
Fortinet has released patched versions that fully address CVE-2025-64446:

| Product | Fixed Version |
|---------|---------------|
| FortiWeb 8.0.x | 8.0.2 or later |
| FortiWeb 7.6.x | 7.6.5 or later |
| FortiWeb 7.4.x | 7.4.10 or later |
| FortiWeb 7.2.x | 7.2.12 or later |
| FortiWeb 7.0.x | 7.0.12 or later |

## Technical Description
The vulnerability stems from insufficient path normalization in HTTP/HTTPS request handling, allowing externally controlled paths to bypass directory restrictions. This may result in:
- Unauthorized access to backend administrative endpoints
- Exposure of sensitive configuration
- Potential manipulation of management interfaces

## Impact
If successfully exploited, attackers may achieve:
- Authentication bypass
- Administrative access
- Ability to view/modify configuration
- Possible service disruption

## Mitigation
If immediate patching is not possible:
1. Disable public HTTP/HTTPS administrative access.
2. Restrict admin interfaces to trusted internal networks.
3. Use firewall rules to limit admin-port access.
4. Monitor logs for traversal-like patterns.
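Path-normalization order and log triage, as an added example that is not part of the advisory and is not FortiWeb code. The technical description above (a directory restriction defeated by an externally controlled path that is only decoded and collapsed downstream) and mitigation item 4 (monitor logs for traversal-like patterns) both hinge on the same canonicalization step, so one block serves both: a weak prefix check beside its hardened form, and a scanner that applies the hardened canonicalizer to constructed access-log lines. The `/public/` and `/admin/` prefixes, the endpoint names and every log line are invented for the illustration; nothing here reproduces the CVE-2025-64446 request, which the advisory withholds.

```python
"""Path traversal: a weak prefix check, its hardened form, and log triage.

Added example, not FortiWeb code and not the advisory author's PoC. The
prefixes, endpoint names and log lines are constructed for the illustration.
"""
import posixpath
import re
from urllib.parse import unquote

ADMIN_PREFIX = "/admin/"    # assumed management tree, not a real FortiWeb path
PUBLIC_PREFIX = "/public/"  # assumed tree that unauthenticated clients may reach


def vulnerable_is_public(raw_path: str) -> bool:
    """Weak check: tests the raw request path before it is decoded or
    normalized. '/public/%2e%2e/admin/config' passes because the literal
    string starts with '/public/'; a downstream router that decodes and
    collapses '..' will then dispatch to '/admin/config'."""
    return raw_path.startswith(PUBLIC_PREFIX)


def canonicalize(raw_path: str) -> str:
    """Percent-decode twice (so %252e%252e also becomes '..'), treat a
    backslash as a separator, then collapse '.', '..' and repeated slashes.
    posixpath.normpath keeps the leading '/', so '..' above the root is
    clamped rather than escaping."""
    decoded = unquote(unquote(raw_path))
    decoded = decoded.replace("\\", "/")
    return posixpath.normpath("/" + decoded.lstrip("/"))


def in_tree(path: str, prefix: str) -> bool:
    """True if path is the tree root itself or anything beneath it."""
    return path == prefix.rstrip("/") or path.startswith(prefix)


def hardened_is_public(raw_path: str) -> bool:
    """Hardened check: decide on the canonical path, never on the raw bytes."""
    return in_tree(canonicalize(raw_path), PUBLIC_PREFIX)


def reaches_admin(raw_path: str) -> bool:
    return in_tree(canonicalize(raw_path), ADMIN_PREFIX)


# Constructed access-log lines in common log format; the addresses are
# documentation/private ranges and the requests are invented for this example.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Nov/2025:10:01:02 +0000] "GET /public/index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [15/Nov/2025:10:01:05 +0000] "GET /public/%2e%2e/admin/config HTTP/1.1" 200 2048',
    '198.51.100.4 - - [15/Nov/2025:10:02:11 +0000] "POST /public/..%2f..%2fadmin/users HTTP/1.1" 200 90',
    '192.0.2.9 - - [15/Nov/2025:10:03:00 +0000] "GET /public/docs/../docs/a.html HTTP/1.1" 200 300',
    '10.0.0.5 - - [15/Nov/2025:10:04:30 +0000] "GET /admin/config HTTP/1.1" 200 2048',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Raw-string markers worth a look: literal '..', single- and double-encoded dots.
TRAVERSAL_RE = re.compile(r"\.\.|%2e%2e|%252e", re.IGNORECASE)


def find_suspicious(log_lines):
    """Return (ip, raw path, canonical path, reason) for each request that
    carries a traversal marker or whose canonical path lands in the admin
    tree although the raw path did not start there. The second test is the
    strong signal: a benign '..' inside /public/ trips only the first."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        norm = canonicalize(path)
        reasons = []
        if TRAVERSAL_RE.search(path):
            reasons.append("traversal marker in raw path")
        if in_tree(norm, ADMIN_PREFIX) and not in_tree(path, ADMIN_PREFIX):
            reasons.append("canonical path escapes into admin tree")
        if reasons:
            hits.append((m.group("ip"), path, norm, "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    for ip, raw, norm, why in find_suspicious(SAMPLE_LOG):
        print(f"{ip:14} {raw:40} -> {norm:20} [{why}]")
```

The scanner reports the canonical path next to the raw one so an analyst can separate a harmless `..` that stays inside the public tree from one that resolves into the administrative tree. Requests that begin at `/admin/` are deliberately not flagged by this rule: who may reach the management interface at all is the network control in mitigation items 1 to 3, and should be enforced there rather than inferred from logs.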
## Remediation
**Upgrade to the nearest patched version as soon as possible.**

## Disclosure Timeline
| Date | Event |
|------|-------|
| 2025-XX-XX | Vulnerability discovered |
| 2025-XX-XX | Vendor notified |
| 2025-XX-XX | Patch development |
| 2025-XX-XX | Advisory published |
| 2025-XX-XX | CVE assigned |

# STATUS: HIGH - CRITICAL

[+] Payload:
```
No! For security reasons!
```

# Reproduce:
[href](https://www.patreon.com/posts/cve-2025-64446-143637933)

# Demo:
[href](https://www.patreon.com/posts/cve-2025-64446-143637933)

# Time spent: 25:00:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>
