Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
Warning: Path Traversal Vulnerability in Fortinet FortiWeb - Patch Immediately!
Image
Publié : 17/11/2025
* Last update: 17/11/2025
* Affected products:
→ FortiWeb 8.0 8.0.0 through 8.0.1
→ FortiWeb 7.6 7.6.0 through 7.6.4
→ FortiWeb 7.4 7.4.0 through 7.4.9
→ FortiWeb 7.2 7.2.0 through 7.2.11
→ FortiWeb 7.0 7.0.0 through 7.0.11* Type: Path traversal
* CVE/CVSS:
- CVE-2025-64446: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Fortinet:
Risks
A newly discovered relative path traversal vulnerability in Fortinet FortiWeb allows attackers to execute administrative commands through specially crafted HTTP or HTTPS requests.
Fortinet FortiWeb is an advanced web application firewall (WAF) solution used by enterprises to protect critical web services from attacks such as SQL injection, cross-site scripting (XSS), file inclusion, API abuse, and automated bot traffic. It plays a vital role in safeguarding application infrastructures, ensuring secure traffic handling, and enforcing robust security policies across distributed environments.
If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical business systems.
Description
A critical security vulnerability, CVE-2025-64446, has been identified in Fortinet FortiWeb across multiple major release branches. This flaw stems from a relative path traversal weakness that enables attackers to manipulate file paths within crafted HTTP or HTTPS requests.
When successfully exploited, this issue enables an unauthenticated attacker to execute administrative commands directly on the FortiWeb appliance, thereby gaining high-impact control over a core security component.
Fortinet has confirmed that this vulnerability is actively exploited in the wild, significantly elevating urgency for remediation.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
When mitigation measures or workarounds are available, consider implementing these as soon as possible and wherever feasible until you have completed patching.
Where vulnerabilities affect end of life devices, the Centre for Cybersecurity Belgium strongly encourages moving to a supported version.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.