Fortinet published information about a new vulnerability in FortiWeb. Devices are affected if they run specific firmware releases and have their management interface accessible via the WAN. Patches already exist to fix the issue.
PSIRT information
https://www.fortiguard.com/psirt/FG-IR-25-910
| IR Number | FG-IR-25-910 |
|---|---|
| Published Date | Nov 14, 2025 |
| Component | GUI |
| Severity | Critical |
| CVSSv3 Score | 9.1 |
| Impact | Improper access control |
| CVE ID | CVE-2025-64446 |
Affected and patched releases
| Version | Affected | Solution |
|---|---|---|
| FortiWeb 8.0 | 8.0.0 through 8.0.1 | Upgrade to 8.0.2 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.9 | Upgrade to 7.4.10 or above |
| FortiWeb 7.2 | 7.2.0 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiWeb 7.0 | 7.0.0 through 7.0.11 | Upgrade to 7.0.12 or above |
If you are using an affected release, please upgrade as soon as possible or remove management access via HTTP/HTTPS from the Internet.
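A fleet-triage sketch for the release table above, added here as an example and not taken from Fortinet's advisory; the inventory, host names and the `mgmt_exposed` flag are constructed assumptions. Versions are compared as integer tuples, because a plain string comparison would rank 7.4.10 below 7.4.9 and flag a patched device as affected.

```python
import re

# Last affected release and first fixed release per branch (from the table above).
BRANCHES = {
    (8, 0): ((8, 0, 1), "8.0.2"),
    (7, 6): ((7, 6, 4), "7.6.5"),
    (7, 4): ((7, 4, 9), "7.4.10"),
    (7, 2): ((7, 2, 11), "7.2.12"),
    (7, 0): ((7, 0, 11), "7.0.12"),
}

def parse_version(text):
    """Turn 'X.Y.Z' into a tuple of ints so 7.4.10 sorts after 7.4.9."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version, mgmt_exposed):
    """Return (status, action) for one device."""
    v = parse_version(version)
    entry = BRANCHES.get(v[:2])
    if entry is None:
        # Branch not in the table: do not assume it is safe.
        return ("unknown", "branch not listed, check the PSIRT advisory")
    last_affected, fixed = entry
    if v > last_affected:
        return ("patched", "no action for FG-IR-25-910")
    if mgmt_exposed:
        return ("urgent", f"upgrade to {fixed} or above, or remove "
                          "HTTP/HTTPS management access from the Internet")
    return ("affected", f"upgrade to {fixed} or above")

# Constructed inventory: (host, firmware version, management reachable from WAN)
INVENTORY = [
    ("waf-edge-01", "7.4.9", True),
    ("waf-edge-02", "7.4.10", True),
    ("waf-lab-01", "7.2.11", False),
    ("waf-old-01", "6.3.23", True),
]

def triage_inventory(inventory=INVENTORY):
    """Map each host to its status so urgent devices can be handled first."""
    return {host: triage(ver, exposed)[0] for host, ver, exposed in inventory}

if __name__ == "__main__":
    for host, ver, exposed in INVENTORY:
        status, action = triage(ver, exposed)
        print(f"{host:12} {ver:8} {status:9} {action}")
```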
