A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
The attacker sends specially crafted HTTP or HTTPS requests containing path traversal sequences (e.g., '../'), which bypass path access control mechanisms. As a result, requests reach system components normally inaccessible to unauthenticated users. The vulnerability allows execution of administrative commands without requiring any credentials, corresponding to the CVSS vector AV:N/AC:L/PR:N/UI:N.
An unauthenticated attacker can execute arbitrary administrative commands on the FortiWeb device, leading to complete device compromise — loss of confidentiality, integrity, and system availability.
Apply patches available from the vendor according to references (https://fortiguard.fortinet.com/psirt/FG-IR-25-910). Until updates are applied, it is recommended to restrict access to the FortiWeb management interface to trusted IP addresses only and monitor anomalous HTTP/HTTPS requests directed to the administrative panel.
Fortinet FortiWeb in versions: 8.0.0–8.0.1, 7.6.0–7.6.4, 7.4.0–7.4.9, 7.2.0–7.2.11, 7.0.0–7.0.11
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortiweb
APPFortinet7.0.0 – 7.0.12 (bez)7.2.0 – 7.2.12 (bez)7.4.0 – 7.4.10 (bez)7.6.0 – 7.6.5 (bez)8.0.0 – 8.0.2 (bez)
CISA KEV — detailsi
- Vendori
- Fortinet ↗
- Producti
- FortiWeb
- Added to KEVi
- November 14, 2025
- Remediation deadline (US Federal)i
- November 21, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Related vulnerabilities
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Krytyczna podatność SQL Injection w Fortinet FortiWeb — obejście uwierzytelnienia
Fortinet FortiWeb — pominięcie uwierzytelnienia SSO przez spreparowany SAML
Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 al...