Fortinet’s Silent Patch Fumble: Zero-Day Exploit Leaves Web Apps Vulnerable!
Fortinet has stealthily patched a critical zero-day vulnerability in its FortiWeb firewall, which was being “massively exploited in the wild.” The flaw allowed attackers to create admin users on exposed devices. To avoid uninvited guests, admins are advised to upgrade promptly and review their configurations for unauthorized entries.
Hot Take:
Fortinet’s ‘Silent Night’ strategy for patching zero-day vulnerabilities might have worked in the Christmas carols, but when it comes to cyber threats, it’s more like a Silent Scream! Patchy Claus has come to town, and if your FortiWeb is still rocking last year’s firmware, you’re definitely on the naughty list. Better patch up before your firewall becomes a fire hazard!
Key Points:
- Fortinet silently patched a critical zero-day vulnerability in the FortiWeb web application firewall.
- The vulnerability, now tracked as CVE-2025-64446, allows unauthorized admin-level access through a path traversal flaw.
- The flaw affects FortiWeb versions 8.0.1 and earlier, requiring an upgrade to at least version 8.0.2.
- U.S. federal agencies have been ordered to patch systems by November 21.
- Admins unable to upgrade should restrict HTTP/HTTPS access to trusted networks.
Already a member? Log in here