Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025111810115656 | Publication Time | 2025/11/18 10:37 |
| Incident Type | INT – System Compromise | Discovery Time | 2025/11/18 10:37 |
| Impact Level | Low | | |
[Subject] 【Vulnerability Alert】A critical security vulnerability (CVE-2025-64446) has been identified in Fortinet FortiWeb.

[Content] Forwarded from TWCERTCC-200-202511-00000013

Fortinet's FortiWeb is a web application firewall product that provides functions such as anomaly detection, API protection, bot mitigation, and advanced threat analytics. Fortinet recently released a critical security advisory for CVE-2025-64446 (CVSS 9.8). The vulnerability is a relative path traversal issue that may allow an unauthenticated attacker to execute administrative commands on the system through specially crafted HTTP or HTTPS requests.

Note: Fortinet has observed active exploitation of this vulnerability. It is strongly recommended to promptly implement temporary mitigation measures to prevent potential attacks targeting this issue.

Information Sharing Level: WHITE (information content can be publicly disclosed)

[Affected Platform]
- FortiWeb versions 7.2.0 through 7.2.11
- FortiWeb versions 7.4.0 through 7.4.9
- FortiWeb versions 7.6.0 through 7.6.4
- FortiWeb versions 8.0.0 through 8.0.1

[Recommended Actions] Please upgrade to one of the following fixed versions:
- FortiWeb 7.0.12
- FortiWeb 7.2.12
- FortiWeb 7.4.10
- FortiWeb 7.6.5
- FortiWeb 8.0.2

[Reference] https://www.twcert.org.tw/tw/cp-169-10514-20142-1.html
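The first thing an operator does with an advisory like this is check an inventory of appliances against the affected ranges and the fixed releases. The script below is an added example written for this page; it is not code from TACERT, TWCERT or Fortinet. It encodes only the affected ranges and fixed versions listed above (note that the page lists a fixed 7.0.12 release but no affected 7.0.x range, so 7.0.x builds below 7.0.12 are reported as "not listed" rather than guessed at), and the hostnames and version strings in the sample inventory are constructed for illustration.

```python
"""Triage FortiWeb version strings against the CVE-2025-64446 advisory above.

Affected ranges and fixed releases are copied from the advisory text; nothing
else is assumed about the vulnerability. Version strings are expected in the
'major.minor.patch' form an appliance reports (an optional leading 'v' is
tolerated).
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from [Affected Platform], inclusive at both ends.
AFFECTED_RANGES: Dict[str, Tuple[Version, Version]] = {
    "7.2": ((7, 2, 0), (7, 2, 11)),
    "7.4": ((7, 4, 0), (7, 4, 9)),
    "7.6": ((7, 6, 0), (7, 6, 4)),
    "8.0": ((8, 0, 0), (8, 0, 1)),
}

# Fixed releases from [Recommended Actions].
FIXED_VERSIONS: Dict[str, Version] = {
    "7.0": (7, 0, 12),
    "7.2": (7, 2, 12),
    "7.4": (7, 4, 10),
    "7.6": (7, 6, 5),
    "8.0": (8, 0, 2),
}


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z' (or 'vX.Y.Z') into a comparable tuple; reject anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(text: str) -> str:
    """Classify one version as 'affected', 'fixed' or 'not listed'.

    'not listed' means the advisory text gives no affected range covering this
    build and no fixed release at or below it; treat it as needing a manual
    check against the vendor advisory, not as safe.
    """
    version = parse_version(text)
    branch = f"{version[0]}.{version[1]}"

    affected_range: Optional[Tuple[Version, Version]] = AFFECTED_RANGES.get(branch)
    if affected_range and affected_range[0] <= version <= affected_range[1]:
        return "affected"

    fixed: Optional[Version] = FIXED_VERSIONS.get(branch)
    if fixed and version >= fixed:
        return "fixed"

    return "not listed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in an inventory {hostname: version} to its assessment."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real data.
    sample_inventory = {
        "waf-dc1-01": "7.4.9",
        "waf-dc1-02": "7.4.10",
        "waf-dmz-01": "v8.0.1",
        "waf-lab-01": "7.0.11",
    }
    for host, status in triage(sample_inventory).items():
        print(f"{host:12s} {sample_inventory[host]:8s} {status}")
```

Run it against an export of your own appliance versions; anything reported as "affected" should be upgraded to the matching fixed release listed under [Recommended Actions], and anything "not listed" should be checked against the vendor advisory by hand rather than assumed unaffected.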