A critical FortiWeb flaw (CVE-2025-64446) has been actively exploited in the wild before Fortinet disclosed its severity, allowing unauthenticated actors to perform path traversal and bypass authentication to impersonate administrators. This silent patching by Fortinet has raised alarms among security researchers, as it delayed defense efforts and potentially exposed thousands of internet-facing FortiWeb instances.
Edward Kiledjian
@ekiledjian