[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
FortiWeb v8.0.1 contains a high-severity vulnerability, CVE-2025-64446, which may lead to authentication bypass and acquisition of administrative access. The vulnerability affects multiple versions of the FortiWeb WAF; a patch has been released. Users are advised to upgrade to a fixed version immediately and apply temporary mitigations to reduce risk. 2026-4-6 00:0:0 Author: www.exploit-db.com (view original)

# Title: Fortinet FortiWeb v8.0.1 - Auth Bypass
# Author: nu11secur1ty
# Date: 11/15/2025
# Vendor: https://www.fortinet.com/
# Software: v8.0.1
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64446

## Description:
CVE-2025-64446 is a critical path traversal vulnerability affecting
multiple versions of Fortinet FortiWeb, a Web Application Firewall (WAF)
used to protect web applications and APIs.
The vulnerability allows an unauthenticated remote attacker to send
specially crafted HTTP/HTTPS requests that may result in administrative
access bypass on vulnerable FortiWeb systems.

## Severity
- CVSS v3.1 Score: 9.8 (Critical)
- Attack Vector: Network
- Privileges Required: None (Unauthenticated)
- User Interaction: None
- Impact: High (Authentication bypass, configuration exposure, potential full administrative access)

## Affected Products & Versions
The following FortiWeb versions are confirmed vulnerable:

| Product | Affected Versions |
|--------|--------------------|
| FortiWeb 8.0.x | 8.0.0 – 8.0.1 |
| FortiWeb 7.6.x | 7.6.0 – 7.6.4 |
| FortiWeb 7.4.x | 7.4.0 – 7.4.9 |
| FortiWeb 7.2.x | 7.2.0 – 7.2.11 |
| FortiWeb 7.0.x | 7.0.0 – 7.0.11 |

## Fixed Versions
Fortinet has released patched versions that fully address CVE-2025-64446:

| Product | Fixed Version |
|---------|----------------|
| FortiWeb 8.0.x | 8.0.2 or later |
| FortiWeb 7.6.x | 7.6.5 or later |
| FortiWeb 7.4.x | 7.4.10 or later |
| FortiWeb 7.2.x | 7.2.12 or later |
| FortiWeb 7.0.x | 7.0.12 or later |

## Technical Description
The vulnerability stems from insufficient path normalization in HTTP/HTTPS
request handling, allowing externally controlled paths to bypass directory
restrictions.
This may result in:
- Unauthorized access to backend administrative endpoints
- Exposure of sensitive configuration
- Potential manipulation of management interfaces

## Impact
If successfully exploited, attackers may achieve:
- Authentication bypass
- Administrative access
- Ability to view/modify configuration
- Possible service disruption

## Mitigation
If immediate patching is not possible:
1. Disable public HTTP/HTTPS administrative access.
2. Restrict admin interfaces to trusted internal networks.
3. Use firewall rules to limit admin-port access.
4. Monitor logs for traversal-like patterns.
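The root cause named in the Technical Description (insufficient path normalization) and mitigation step 4 (log monitoring) can be illustrated together. The following is an added example, not code from the advisory, its author or Fortinet: it canonicalizes request paths the way a correct handler should (bounded repeated percent-decoding, then collapsing `.`/`..` while refusing to climb above the root) and runs that logic over constructed Common Log Format lines to flag traversal-like requests, including ones hidden by double encoding. All log lines, addresses and paths are constructed; FortiWeb's real log format differs.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format), not real FortiWeb logs.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Nov/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.11 - - [15/Nov/2025:10:00:02 +0000] "GET /static/../../etc/passwd HTTP/1.1" 403 0
203.0.113.12 - - [15/Nov/2025:10:00:03 +0000] "GET /static/%2e%2e/%2e%2e/admin HTTP/1.1" 200 128
203.0.113.13 - - [15/Nov/2025:10:00:04 +0000] "GET /static/%252e%252e/admin HTTP/1.1" 200 128
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')
DOTDOT_RE = re.compile(r'(^|/)\.\.(/|$)')  # a bare '..' path segment

def full_decode(path, max_decodes=3):
    # Strip the query string, then percent-decode until stable (bounded), so
    # double encoding such as %252e%252e is reduced to '..' before inspection.
    raw = path.split('?', 1)[0]
    for _ in range(max_decodes):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def canonicalize(path):
    # Collapse '.' and '..' segments. Returns (canonical_path, escaped); escaped
    # is True when '..' tried to climb above the root, which a normalizer must reject.
    out, escaped = [], False
    for seg in full_decode(path).split('/'):
        if seg == '..':
            escaped |= not out
            if out:
                out.pop()
        elif seg not in ('', '.'):
            out.append(seg)
    return '/' + '/'.join(out), escaped

def scan_log(text):
    # Flag requests whose fully decoded path contains a '..' segment, noting whether
    # percent-encoding hid it from naive matching and whether it escaped the root.
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not DOTDOT_RE.search(full_decode(m['path'])):
            continue
        canon, escaped = canonicalize(m['path'])
        reasons = ['dot-dot segment'] + (['escapes root'] if escaped else [])
        if not DOTDOT_RE.search(m['path']):  # only visible after decoding
            reasons.append('hidden by percent-encoding')
        findings.append({'ip': m['ip'], 'path': m['path'], 'canonical': canon,
                         'status': m['status'], 'reasons': reasons})
    return findings
```

A flagged request that was answered with a 2xx status deserves more attention than one the device already rejected, so the status code is carried into each finding.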

## Remediation
**Upgrade to the nearest patched version as soon as possible.**

## Disclosure Timeline
| Date | Event |
|------|--------|
| 2025-XX-XX | Vulnerability discovered |
| 2025-XX-XX | Vendor notified |
| 2025-XX-XX | Patch development |
| 2025-XX-XX | Advisory published |
| 2025-XX-XX | CVE assigned |


# STATUS:
HIGH - CRITICAL


[+]Payload:
```
No! For security reasons!
```

# Reproduce:
[href](https://www.patreon.com/posts/cve-2025-64446-143637933)

# Demo:
[href](https://www.patreon.com/posts/cve-2025-64446-143637933)

# Time spent:
25:00:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>

Article source: https://www.exploit-db.com/exploits/52495