Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2025-64446 PoC — Fortinet FortiWeb 安全漏洞

Source
https://github.com/verylazytech/CVE-2025-64446
Associated Vulnerability
Title:Fortinet FortiWeb 安全漏洞 (CVE-2025-64446)
Description:A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Description
CVE-2025-64446 - A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Readme
# POC - CVE-2025-64446 - FortiWeb RCE via Path Traversal + Auth Bypass

[![My Shop](https://img.shields.io/badge/My%20Shop-verylazytech-%23FFDD00?style=flat&logo=buy-me-a-coffee&logoColor=yellow)](https://whop.com/verylazytech/)
[![Medium](https://img.shields.io/badge/Medium-%40verylazytech-%231572B6?style=flat&logo=medium&logoColor=white)](https://medium.com/@verylazytech)
[![Github](https://img.shields.io/badge/Github-verylazytech-%23181717?style=flat&logo=github&logoColor=white)](https://github.com/verylazytech)

## Overview

Fortinet products are some of the most battle-tested appliances protecting enterprise networks today — and ironically, the moment a Forti appliance becomes vulnerable, the blast radius is catastrophic. In late 2025, one of the most dangerous vulnerabilities ever discovered in FortiWeb surfaced: CVE-2025-64446, a chaining vulnerability that combines:

- Path Traversal
- Internal CGI handler exposure
- Authentication Bypass via header forging
- Privilege escalation to full administrative control

All without authentication.
All via a single HTTP request.
All remotely exploitable.

**Read about it** — [CVE-2025-64446](https://nvd.nist.gov/vuln/detail/CVE-2025-64446)

> **Disclaimer**: This Proof of Concept (POC) is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

## Getting Started

### Finding Targets

To find potential targets, use Fofa (similar to Shodan.io):

- **Fofa Dork**: "body="FortiWeb" && body="app.min.js""


### Cloning the Repository

First, clone the repository:

```bash
git clone https://github.com/verylazytech/CVE-2025-64446

```

Run the Exploit:

```bash
python3 CVE-2025-64446.py <Target:port>
```
File Snapshot

 [4.0K]  /data/pocs/70824557871109f8ded396e1094047574b4d37b6
├── [3.9K]  cve-2025-64446.py
└── [1.9K]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →