A critical zero-day vulnerability, identified as CVE-2025-64446, has been disclosed in Fortinet’s FortiWeb web application firewall (WAF). This vulnerability is confirmed to be actively exploited in the wild, posing a significant security risk to affected systems.

The flaw is a path traversal issue, and Fortinet has released information regarding the vulnerability. Organizations utilizing the affected FortiWeb products are advised to review the official advisories and take immediate action to mitigate the threat.

Vulnerability Details: Path Traversal

The security flaw, CVE-2025-64446, is a path traversal vulnerability, also known as directory traversal. This type of vulnerability enables an unauthenticated attacker to access files and directories stored outside of the intended web root folder. By manipulating variables that reference file paths, an attacker can potentially read sensitive files on the server where the FortiWeb appliance is located.

Active Exploitation and Mitigation

The designation of CVE-2025-64446 as a zero-day indicates it was exploited by malicious actors before an official patch was developed or publicly available. The confirmation of active exploitation underscores the urgency for administrators to address the issue. System administrators should refer to official Fortinet channels for information on affected versions and the necessary security patches or mitigation steps required to secure their FortiWeb appliances against this threat.