A proof-of-concept (PoC) exploit instrument for CVE-2025-64446 has been publicly launched on GitHub. This vulnerability, affecting FortiWeb units from Fortinet, includes a essential path traversal flaw that has already been noticed in real-world assaults, permitting unauthorized entry to delicate CGI endpoints.
Safety researchers warn that the instrument’s availability may speed up exploitation makes an attempt in opposition to unpatched techniques worldwide.
CVE-2025-64446 targets FortiWeb’s net software firewall (WAF) element, enabling attackers to bypass entry controls and manipulate consumer accounts by listing traversal strategies.
Found earlier this yr, the flaw stems from improper enter validation within the CGI dealing with mechanism, allowing distant code execution in sure configurations.
In keeping with Fortinet’s advisory, affected variations vary from 6.3.0 to 7.4.6, with exploitation within the wild reported as early as October 2025 by risk intelligence companies monitoring darkish net boards and incident response logs.
The vulnerability’s severity is rated CVSS 9.8, indicating its potential to have a widespread influence on enterprises that depend on FortiWeb for net visitors safety.
The PoC, developed by GitHub consumer sxyrxyy and shared underneath the repository “CVE-2025-64446-FortiWeb-CGI-Bypass-PoC,” gives an easy Python-based script for testing and exploiting the flaw.
Designed for approved safety testing, the instrument requires minimal setup: customers merely set up dependencies by way of “pip set up -r necessities.txt” earlier than operating the exploit script.
For vulnerability verification, the command “python3 exploit.py -t –test” probes the goal with out inflicting hurt, confirming if the system is inclined to traversal assaults.
In exploit mode, “python3 exploit.py -t –exploit” leverages the CGI endpoint to create or modify administrative consumer accounts, defaulting to a username “sxy” and password “sxyrxyadmin1!”.
Superior choices improve the instrument’s flexibility for penetration testers. Customized parameters enable specifying usernames, passwords, profile names (default: prof_admin), VDOM cases (default: root), and login names (default: admin).
For batch operations, the script helps loading a number of targets from a file like targets.txt, enabling scans throughout IP ranges comparable to 192.168.1.100 to 192.168.1.102.
Port customization defaults to 443 for HTTPS, however the “–http” flag switches to unencrypted visitors, and the “–testpoint-name” possibility units a default consumer creation identify of “Testpoint”.
Consultants emphasize the instrument’s dual-edged nature: whereas invaluable for defensive assessments, its public launch amplifies threats to outdated FortiWeb deployments in sectors like finance and healthcare.
Fortinet urges fast patching to model 7.4.7 or later, alongside community segmentation to mitigate lateral motion dangers. The repository’s disclaimer stresses use solely on owned or permitted techniques, aligning with accountable disclosure norms.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
