Fortinet Addresses Critical Security Flaw in FortiWeb After Active Exploitation

Security vendor Fortinet has acknowledged patching a severe vulnerability in its FortiWeb web application firewall that attackers were actively targeting in widespread campaigns.

The vulnerability, now identified as CVE-2025-64446, involves a path confusion issue in the FortiWeb GUI component that enables unauthorized attackers to execute administrative commands through specially crafted HTTP or HTTPS requests on vulnerable systems.

Threat intelligence company Defused first detected exploitation attempts on October 6, observing unknown actors leveraging what appeared to be a path traversal vulnerability to establish new administrator-level accounts on internet-facing FortiWeb devices.

Defused published a proof-of-concept exploit demonstrating how attackers could target the /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi endpoint to create unauthorized administrative access.

Security researchers at WatchTowr Labs subsequently confirmed the vulnerability by developing their own exploit demonstration and releasing a tool called "FortiWeb Authentication Bypass Artifact Generator" to assist organizations in identifying vulnerable systems within their networks.

According to Rapid7, the security flaw impacts FortiWeb version 8.0.1 and earlier releases. The cybersecurity firm verified that after updating to version 8.0.2, previously functional exploit attempts no longer succeed.

Fortinet officially addressed the zero-day vulnerability in FortiWeb 8.0.2, released on October 28—approximately three weeks after initial reports of active exploitation. In their security advisory published Friday, the company explicitly confirmed observing the vulnerability "being exploited in the wild."

Security experts note that this represents another instance where Fortinet implemented a "silent patch" for a critical vulnerability, releasing the fix before public disclosure of the CVE identifier or detailed vulnerability information.

The catalog of actively exploited vulnerabilities expanded this Friday with the addition of CVE-2025-64446, a path traversal flaw.

Federal agencies across the United States have been directed to secure their systems against this threat by November 21st.

Cybersecurity officials emphasize that such vulnerabilities are common tools for malicious actors and present a severe risk to national infrastructure.

For administrators unable to apply the FortiWeb 8.0.2 update promptly, immediate steps are necessary.

Management interfaces exposed to the internet must have their HTTP or HTTPS services disabled, with access limited strictly to trusted networks.

Fortinet further recommends a thorough review of system configurations and audit logs.

This check should specifically look for any newly created, unauthorized admin accounts or other unusual changes.

Inquiries regarding these active exploitation campaigns remain unanswered by Fortinet at this time.

This incident follows a similar pattern from August, when a critical command injection vulnerability in FortiSIEM was patched.

That update, for CVE-2025-25256, came just one day after researchers reported a surge in brute-force attacks targeting the company's SSL-VPN products.

Why People Need VPN Services to Unblock Porn

People need VPN services to unblock porn because they want to bypass geo-restrictions and censorship that limit access to adult content in certain regions. Unblocked porn refers to adult websites and videos that are accessible without restrictions, often made possible through the use of VPNs that mask users' locations and enhance privacy.

Why Choose SafeShell VPN to Access Adult Content

If you're looking to unblock porn sites and access region-restricted adult content, SafeShell VPN offers an exceptional solution that prioritizes both accessibility and security. With SafeShell VPN, you can enjoy unrestricted browsing while maintaining complete privacy through several key advantages:

1. The exclusive ShellGuard protocol ensures your adult content viewing remains completely anonymous, preventing ISPs and network administrators from monitoring your activities
2. Lightning-fast connection speeds eliminate buffering issues when streaming high-definition adult content, unlike many competing VPNs that slow your connection
3. The innovative App Mode feature allows you to access adult content from multiple regions simultaneously without constantly switching servers
4. Support for up to five devices means you can unblock porn sites on your smartphone, tablet, computer, and smart TV with a single subscription
5. Wide server distribution across numerous countries ensures you can bypass even the strictest geo-restrictions on adult websites

How to Use SafeShell VPN to Unlock Porn Sites

To begin using SafeShell VPN to access porn content from different regions, first, you need to subscribe to SafeShell VPN by visiting their official website and selecting a plan that suits your needs. Once you've completed your subscription, download and install the SafeShell app onto your preferred device, ensuring you have the necessary software to run the VPN smoothly. After installation, open the app and enable the App Mode feature, which provides enhanced flexibility and access options for browsing.

Next, navigate to the server selection menu within the SafeShell VPN interface and choose a server location that corresponds to the region whose content you wish to access. Connecting to this server will mask your real IP address and make it appear as though you are browsing from the selected country. To maximize privacy and security, ensure you activate the connection and verify that the VPN status indicates a successful link. With SafeShell VPN activated and connected to your chosen server, you can now browse adult content freely, enjoying unrestricted access while maintaining complete privacy.