Fortinet Fumble: Hackers Exploit Security Flaw a Month Before Patch Release

Fortinet has finally alerted the world to a critical FortiWeb path traversal vulnerability, CVE-2025-64446, allowing attackers to execute administrative commands. Digital intruders exploited the bug for a month before Fortinet’s advisory, leading to widespread chaos. Remember, folks, in the cybersecurity world, it’s always patch o’clock somewhere.

Hot Take:

Looks like Fortinet played a risky game of hide and seek with a vulnerability, and unfortunately, the hackers won the first round. While Fortinet finally waved the white flag with a security advisory, the intruders have already set up camp in the vulnerable systems. It’s like leaving your door unlocked for a month and being surprised when someone moves in.

Key Points:

– Fortinet published a security advisory for a critical FortiWeb path traversal vulnerability, CVE-2025-64446, under active exploitation.
– Hackers have been exploiting the bug since early October, before the vulnerability was even assigned a CVE.
– The vulnerability allows unauthenticated attackers to execute administrative commands and take over devices.
– FortiWeb version 8.0.2 includes a patch, but the attacks continue on unpatched devices.
– At least 80,000 FortiWeb web app firewalls are connected to the internet and potentially vulnerable.

The Nimble Nerd