CVE-2025-64446

Scores

EPSS

EPSS Score: 0.931 (high, 93.1%)

Percentile: 93.1%

CVSS

Severity: critical (CVSS 3.x)

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.


Sources

nvd

CWEs

22CWE-23

Related Vulnerabilities

Exploits

Exploit ID: CVE-2025-64446

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 52495

Source: exploitdb

URL: https://www.exploit-db.com/exploits/52495

Exploit ID: 52502

Source: exploitdb

URL: https://www.exploit-db.com/exploits/52502

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: fortiweb

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",      "versionEndExcluding": "7.0.12",      "versionStartIncluding": "7.0.0",      "vulnerable": true    },...

Source: nvd
