A critical authentication bypass vulnerability in Fortinet’s FortiWeb web application firewalls (WAFs), identified as CVE-2025-64446 with a CVSS score of 9.8, is being actively and indiscriminately exploited in the wild. The flaw allows unauthenticated attackers to execute administrative commands and gain complete control of affected devices. Fortinet has released patches to address the issue, but […]
The post FortiWeb at Risk: Unauthenticated Attackers Gaining Full WAF Control via Admin Creation appeared first on SecPod Blog.
