Forum Discussion
CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild
On October 6, Defused published an X post regarding an unknown exploit targeting Fortinet devices. Shortly after, several cybersecurity organizations began investigating and confirmed that a new exploit appeared to have been silently fixed in some releases of Fortinet’s FortiWeb. This includes researchers at watchTowr, who were able to reproduce the vulnerability. Within hours of their publication, Fortinet released a security advisory acknowledging that CVE-2025-64446 has been exploited in the wild.
| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2025-64446 | Fortinet FortiWeb Path Traversal Vulnerability | 9.1 |
CVE-2025-64446 is a relative path traversal vulnerability affecting Fortinet’s FortiWeb. An unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on an affected device. According to Fortinet’s advisory, and to several reports published before it, this vulnerability has been exploited in the wild.
Prior to the publication of Fortinet’s security advisory (FG-IR-25-910), several research groups began testing the exploit to determine which versions were affected and which were patched. Although several new releases appeared to contain a fix based on that testing, confirmed patch information was not available until Fortinet published its security advisory.
For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.