惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
T
Tenable Blog
Know Your Adversary
Know Your Adversary
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Privacy International News Feed
S
Security Affairs
NISL@THU
NISL@THU
O
OpenAI News
Attack and Defense Labs
Attack and Defense Labs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
Schneier on Security
Schneier on Security
S
SegmentFault 最新的问题
S
Schneier on Security
G
Google Developers Blog
V
V2EX
C
Check Point Blog
U
Unit 42
Google DeepMind News
Google DeepMind News
T
Threatpost
阮一峰的网络日志
阮一峰的网络日志
T
The Exploit Database - CXSecurity.com
Recent Announcements
Recent Announcements
M
MIT News - Artificial intelligence
S
Secure Thoughts
博客园 - 司徒正美
Recorded Future
Recorded Future
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
K
Kaspersky official blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
AI
AI
博客园 - 聂微东
N
News and Events Feed by Topic
SecWiki News
SecWiki News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
V
Vulnerabilities – Threatpost
P
Palo Alto Networks Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
酷 壳 – CoolShell
酷 壳 – CoolShell
WordPress大学
WordPress大学
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
Project Zero
Project Zero
W
WeLiveSecurity
博客园 - Franky

Exploit-DB.com RSS Feed

MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive
OffSec’s Exploit Database Archive
nu11secur1ty · 2026-04-06 · via Exploit-DB.com RSS Feed
# Titles:Fortinet FortiWeb v8.0.1 - Auth Bypass
# Author: nu11secur1ty
# Date: 11/15/2025
# Vendor: https://www.fortinet.com/
# Software: v8.0.1
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64446

## Description:
CVE-2025-64446 is a critical path traversal vulnerability affecting
multiple versions of Fortinet FortiWeb, a Web Application Firewall (WAF)
used to protect web applications and APIs.
The vulnerability allows an unauthenticated remote attacker to send
specially crafted HTTP/HTTPS requests that may result in administrative
access bypass on vulnerable FortiWeb systems.

## Severity
- CVSS v3.1 Score: 9.8 (Critical)
- Attack Vector: Network
- Privileges Required: None (Unauthenticated)
- User Interaction: None
- Impact: High (Authentication bypass, configuration exposure, potential
full administrative access)

## Affected Products & Versions
The following FortiWeb versions are confirmed vulnerable:

| Product | Affected Versions |
|--------|--------------------|
| FortiWeb 8.0.x | 8.0.0 – 8.0.1 |
| FortiWeb 7.6.x | 7.6.0 – 7.6.4 |
| FortiWeb 7.4.x | 7.4.0 – 7.4.9 |
| FortiWeb 7.2.x | 7.2.0 – 7.2.11 |
| FortiWeb 7.0.x | 7.0.0 – 7.0.11 |

## Fixed Versions
Fortinet has released patched versions that fully address CVE-2025-64446:

| Product | Fixed Version |
|---------|----------------|
| FortiWeb 8.0.x | 8.0.2 or later |
| FortiWeb 7.6.x | 7.6.5 or later |
| FortiWeb 7.4.x | 7.4.10 or later |
| FortiWeb 7.2.x | 7.2.12 or later |
| FortiWeb 7.0.x | 7.0.12 or later |

## Technical Description
The vulnerability stems from insufficient path normalization in HTTP/HTTPS
request handling, allowing externally controlled paths to bypass directory
restrictions.
This may result in:
- Unauthorized access to backend administrative endpoints
- Exposure of sensitive configuration
- Potential manipulation of management interfaces

## Impact
If successfully exploited, attackers may achieve:
- Authentication bypass
- Administrative access
- Ability to view/modify configuration
- Possible service disruption

## Mitigation
If immediate patching is not possible:
1. Disable public HTTP/HTTPS administrative access.
2. Restrict admin interfaces to trusted internal networks.
3. Use firewall rules to limit admin-port access.
4. Monitor logs for traversal-like patterns.

## Remediation
**Upgrade to the nearest patched version as soon as possible.**

## Disclosure Timeline
| Date | Event |
|------|--------|
| 2025-XX-XX | Vulnerability discovered |
| 2025-XX-XX | Vendor notified |
| 2025-XX-XX | Patch development |
| 2025-XX-XX | Advisory published |
| 2025-XX-XX | CVE assigned |


# STATUS:
HIGH - CRITICAL


[+]Payload:
```
No! For security reasons!
```

# Reproduce:
[href](https://www.patreon.com/posts/cve-2025-64446-143637933)

# Demo:
[href](https://www.patreon.com/posts/cve-2025-64446-143637933)

# Time spent:
25:00:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>

-- 

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstorm.news/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>