Critical Fortinet FortiWeb Authentication Bypass Vulnerability (CVE-2025-64446) Actively Exploited in the Wild

A critical authentication bypass vulnerability (CVE-2025-64446) in Fortinet FortiWeb is being actively exploited in the wild, with a public Proof of Concept (PoC) exploit available. This vulnerability allows attackers to bypass authentication mechanisms and create super_admin accounts, effectively granting them full control over affected FortiWeb devices. The affected versions include FortiWeb 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7. The existence of a public PoC lowers the barrier for exploitation, making it accessible even to less skilled attackers. Fortinet has released patches for this vulnerability, and immediate patching is strongly recommended. The impact of this vulnerability is significant, as FortiWeb is a widely used web application firewall (WAF). A compromise of these devices could lead to further attacks on the web applications they protect and potentially allow attackers to bypass other security controls. Cybersecurity professionals should prioritize patching vulnerable systems, monitor for unauthorized admin account creation, and review logs for signs of exploitation. Additionally, network segmentation should be considered to limit the impact of potentially compromised security devices. This incident underscores the critical importance of maintaining up-to-date security devices and the potential consequences of authentication bypass vulnerabilities in security infrastructure.