Fortinet FortiWeb unauthenticated RCE
| Disclosed |
|---|
| Nov 14, 2025 |
Description
This exploit module abuses an authentication bypass (path traversal) in the Fortinet FortiWeb
management interface to create a new local administrator user account. With that account, a command
injection vulnerability is then leveraged to achieve RCE with root privileges.
The auth bypass CVE-2025-64446 affects the following versions:
* FortiWeb 8.0.0 through 8.0.1 (Patched in 8.0.2 and above)
* FortiWeb 7.6.0 through 7.6.4 (Patched in 7.6.5 and above)
* FortiWeb 7.4.0 through 7.4.9 (Patched in 7.4.10 and above)
* FortiWeb 7.2.0 through 7.2.11 (Patched in 7.2.12 and above)
* FortiWeb 7.0.0 through 7.0.11 (Patched in 7.0.12 and above)
The command injection CVE-2025-58034 affects the following versions (note that the fixed builds on the
7.6 and 7.4 branches differ slightly from those for CVE-2025-64446):
* FortiWeb 8.0.0 through 8.0.1 (Patched in 8.0.2 and above)
* FortiWeb 7.6.0 through 7.6.5 (Patched in 7.6.6 and above)
* FortiWeb 7.4.0 through 7.4.10 (Patched in 7.4.11 and above)
* FortiWeb 7.2.0 through 7.2.11 (Patched in 7.2.12 and above)
* FortiWeb 7.0.0 through 7.0.11 (Patched in 7.0.12 and above)
Note: Unsupported versions 6.* are also affected.
This exploit module has been confirmed to work against 8.0.1, 7.4.8, 6.4.3, and 6.3.9.
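Because the two CVEs were fixed in different builds on the 7.6 and 7.4 branches, a target can be patched against the auth bypass but still vulnerable to the command injection (for example 7.6.5 or 7.4.10), in which case the unauthenticated chain no longer applies even though an authenticated attacker could still use CVE-2025-58034. The following Ruby triage helper, an added example that is not part of the Metasploit module, encodes the version ranges listed above and answers both questions per version. The ranges are copied from this page; the function names and the treatment of unsupported 6.x releases (affected, with no fixed build) are the example's own assumptions.

```ruby
# Added example (not the module's code): classify a FortiWeb version against
# the affected ranges listed for CVE-2025-64446 (auth bypass) and
# CVE-2025-58034 (command injection), and decide whether the unauthenticated
# RCE chain (bypass + injection) applies.
require 'rubygems' # Gem::Version

# First fixed build per branch for each CVE, as stated in the advisory text.
# A branch is affected from x.y.0 up to, but not including, the fixed build.
FIXED_VERSIONS = {
  'CVE-2025-64446' => {
    '8.0' => '8.0.2', '7.6' => '7.6.5', '7.4' => '7.4.10',
    '7.2' => '7.2.12', '7.0' => '7.0.12'
  },
  'CVE-2025-58034' => {
    '8.0' => '8.0.2', '7.6' => '7.6.6', '7.4' => '7.4.11',
    '7.2' => '7.2.12', '7.0' => '7.0.12'
  }
}.freeze

# Returns one of:
#   :vulnerable  - inside an affected range on a supported branch
#   :patched     - at or above the fixed build for that branch
#   :unsupported - 6.x and older: affected, no fixed build exists (assumption:
#                  treated as vulnerable for chain purposes)
#   :unknown     - malformed version or a branch the advisory does not list
def fortiweb_status(version, cve)
  return :unknown unless Gem::Version.correct?(version)

  v = Gem::Version.new(version)
  major, minor = v.segments[0, 2]
  return :unknown if major.nil? || minor.nil?
  return :unsupported if major < 7

  fixed = FIXED_VERSIONS.fetch(cve)["#{major}.#{minor}"]
  return :unknown if fixed.nil?

  v < Gem::Version.new(fixed) ? :vulnerable : :patched
end

# True only when BOTH bugs are still present, i.e. the unauthenticated chain
# this module uses (bypass to create an admin, then inject as root) applies.
def unauth_rce_chain_applies?(version)
  %w[CVE-2025-64446 CVE-2025-58034].all? do |cve|
    %i[vulnerable unsupported].include?(fortiweb_status(version, cve))
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: the confirmed-working builds plus the two
  # edge-case builds where only the command injection remains.
  %w[8.0.1 7.4.8 6.4.3 6.3.9 7.6.5 7.4.10 8.0.2].each do |ver|
    a = fortiweb_status(ver, 'CVE-2025-64446')
    b = fortiweb_status(ver, 'CVE-2025-58034')
    puts format('%-7s bypass=%-11s injection=%-11s chain=%s',
                ver, a, b, unauth_rce_chain_applies?(ver))
  end
end
```

Run it with `ruby fortiweb_triage.rb`; only versions where both columns read `vulnerable` (or `unsupported`) are candidates for this module, while `bypass=patched injection=vulnerable` rows are targets only for an attacker who already holds management credentials.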