Volerion logoVolerion
Volerion logoVolerion

Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Fortinet FortiWeb Relative Path Traversal Vulnerability Allowing Execution of Administrative Commands

Vulnerability

A relative path traversal vulnerability has been identified in Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. This vulnerability may allow an unauthenticated attacker to execute administrative commands on the system by sending crafted HTTP or HTTPS requests.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of administrative commands on the affected system.

Reproduction

The vulnerability can be reproduced by sending crafted HTTP or HTTPS requests to the FortiWeb application. This can be automated with a Python script available on GitHub, which detects if FortiWeb is vulnerable to authentication bypass by exploiting the path traversal vulnerability.

Remediation

Users are advised to upgrade Fortinet FortiWeb to version 8.0.2 or above, 7.6.5 or above, 7.4.10 or above, 7.2.12 or above, or 7.0.12 or above, depending on their current version. Consult the Fortinet PSIRT for specific upgrade instructions.

Added: Nov 14, 2025, 4:19 PM
Updated: Nov 14, 2025, 6:31 PM

Vulnerability Rating

Custom Algorithm
spread
2.2
impact
7.5
exploitability
10.0
remediation
8.3
relevance
1.1
threat
9.9
urgency
2.9
incentive
10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.