FortiWeb CVE‑2025‑64446: What We’re Seeing in the Wild
ATT&CK techniques detected
T1190Exploit Public-Facing Application
87%
"fortiweb cve ‑ 2025 ‑ 64446 : what we ’ re seeing in the wild greynoise has begun seeing active exploitation of cve ‑ 2025 ‑ 64446, the critical path ‑ traversal flaw that lets an unauthenticated actor run administrative commands on fortinet fortiweb appliances. the vulnerability…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
59%
"cgi - bin / fwbcgi when that endpoint is hit, the attacker gains the ability to execute privileged operations. the first exploit traffic hit our sensors on november 17, 2025, confirming a rapid weaponization cycle that matches the speed we typically see with high - impact edge - …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
GreyNoise has begun seeing active exploitation of CVE‑2025‑64446, the critical path‑traversal flaw that lets an unauthenticated actor run administrative commands on Fortinet FortiWeb appliances.