
CVE-2025-64446 PoC — Fortinet FortiWeb Security Vulnerability

Associated Vulnerability
Title: Fortinet FortiWeb Security Vulnerability (CVE-2025-64446)
Description: A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
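The first question for a defender is which devices in an inventory fall inside the affected ranges quoted in the description above. The following Python is an added triage helper, not part of the PoC repository or of any Fortinet tooling: it extracts a `major.minor.patch` triple from a version banner and compares it, branch by branch, against exactly the ranges listed. The hostnames and build strings in the sample inventory are constructed, the banner format is an assumption, and because the helper only knows the ranges on this page, a version outside all of them is reported as "outside listed ranges" rather than "patched"; confirm fixed builds against the vendor advisory.

```python
"""Triage FortiWeb inventory entries against the CVE-2025-64446 affected ranges.

Added example: not part of the PoC repository. The ranges come from the
vulnerability description; the version-string format and the inventory are
assumptions made for illustration.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (first, last) affected versions per branch, exactly as listed in the
# description: 8.0.0-8.0.1, 7.6.0-7.6.4, 7.4.0-7.4.9, 7.2.0-7.2.11, 7.0.0-7.0.11.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((8, 0, 0), (8, 0, 1)),
    ((7, 6, 0), (7, 6, 4)),
    ((7, 4, 0), (7, 4, 9)),
    ((7, 2, 0), (7, 2, 11)),
    ((7, 0, 0), (7, 0, 11)),
)

# A major.minor.patch triple that is not part of a longer dotted number, so an
# IP address such as 192.168.1.100 in the same string is never taken for a version.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from a banner like 'FortiWeb-VM v7.6.3,build1234(GA)'
    (assumed format), or None when no three-part version is present ('7.6', 'unknown')."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(text: str) -> Optional[bool]:
    """True if the version falls inside one of the listed ranges, False if it is
    outside all of them, None if it could not be parsed. Tuple comparison gives
    numeric ordering, so 7.2.11 sorts after 7.2.9 instead of before it."""
    version = parse_version(text)
    if version is None:
        return None
    return any(first <= version <= last for first, last in AFFECTED_RANGES)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'affected' | 'outside listed ranges' | 'unknown'."""
    labels = {True: "affected", False: "outside listed ranges", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory.items()}


# Constructed sample inventory: hostnames and build strings are made up.
INVENTORY: Dict[str, str] = {
    "waf-01.example.internal": "FortiWeb-VM v7.6.3,build1234(GA)",
    "waf-02.example.internal": "FortiWeb-3000E v8.0.2,build0031(GA)",
    "waf-03.example.internal": "FortiWeb-VM v7.0.11,build0600(GA) 10.0.0.5",
    "waf-04.example.internal": "version unavailable",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Feed it the version column of whatever asset inventory you already keep; hosts reported as "unknown" need a manual version check before they are dropped from the list.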
Readme
# CVE-2025-64446 Exploit Tool

Tool for verifying and exploiting CVE-2025-64446 on Fortinet FortiWeb devices.

## Description

This tool tests for and exploits a relative path traversal vulnerability (CVE-2025-64446) in Fortinet FortiWeb web application firewalls. In `--check` mode it only verifies whether the target is vulnerable; in `--exploit` mode it uses the traversal to reach the administrative CGI endpoint and create or modify user accounts (by default an account with the `prof_admin` profile in the `root` VDOM).

## Installation

```bash
pip install -r requirements.txt
```

## Usage

### Vulnerability Verification (Read-only)

```bash
python3 exploit.py -t <target_ip> --check
```

### Execute Exploit

This creates (or modifies) an account on the target through the CGI endpoint. It is a persistent change to the device configuration, so record the username used and remove the account once testing is complete.

```bash
python3 exploit.py -t <target_ip> --exploit
```

### Custom Parameters

```bash
python3 exploit.py -t <target_ip> --exploit --username sxy --password sxyrxyadmin1!
```

### Multiple Targets from File

```bash
python3 exploit.py -l targets.txt --check
```

Create a `targets.txt` file with one IP address per line:
```
192.168.1.100
192.168.1.101
192.168.1.102
```

## Options

- `-t, --target` - Target IP address (required if `--targets-file` not used)
- `-l, --targets-file` - File containing target IP addresses (one per line, required if `--target` not used)
- `-p, --port` - Target port (default: 443)
- `--http` - Use HTTP instead of HTTPS
- `--check` - Vulnerability verification only (read-only)
- `--exploit` - Execute CGI endpoint exploit
- `--username` - Username for exploit (default: sxy)
- `--password` - Password to set (default: sxyrxyadmin1!)
- `--profname` - Profile name (default: prof_admin)
- `--vdom` - VDOM name (default: root)
- `--loginname` - Login name (default: admin)
- `--testpoint-name` - Testpoint/user name to create (default: Testpoint)

## Disclaimer

This tool is for authorized security research and educational purposes only. Only use on systems you own or have explicit permission to test.

File Snapshot

[4.0K] /data/pocs/3cb3bd34eeaf7f9671758e7feb30e892a48128f7
├── [ 16K] exploit.py
├── [1.8K] README.md
└── [  33] requirements.txt

1 directory, 3 files