Alert - AL25-017 - Vulnerability impacting Fortinet FortiWeb – CVE-2025-64446

Number: AL25-017
Date: November 14, 2025

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

On November 13, 2025, the Cyber Centre became aware of a critical path traversal vulnerability impacting the Web UI of Fortinet's FortiWeb that can result in root access to the device [Footnote 1]. The Cyber Centre has observed open-source reporting indicating that the vulnerability is being exploited in the wild.

CVE-2025-64446 [Footnote 2] is a relative path traversal vulnerability in the Common Gateway Interface (CGI) [CWE-23] [Footnote 3] of FortiWeb that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

In response to this vulnerability, the Cyber Centre released AV25-758 [Footnote 4] on November 14, 2025. CISA added CVE-2025-64446 to its Known Exploited Vulnerabilities (KEV) catalog [Footnote 5] on November 14, 2025.

Suggested actions

The Cyber Centre recommends that organizations patch FortiWeb to the following versions:

Version        Affected products        Solution
FortiWeb 8.0   8.0.0 through 8.0.1      Upgrade to FortiWeb 8.0.2 or later
FortiWeb 7.6   7.6.0 through 7.6.4      Upgrade to FortiWeb 7.6.5 or later
FortiWeb 7.4   7.4.0 through 7.4.9      Upgrade to FortiWeb 7.4.10 or later
FortiWeb 7.2   7.2.0 through 7.2.11     Upgrade to FortiWeb 7.2.12 or later
FortiWeb 7.0   7.0.0 through 7.0.11     Upgrade to FortiWeb 7.0.12 or later

It is imperative for organizations to identify and prioritize the patching of vulnerable systems promptly, using guidance provided by the vendor [Footnote 1].
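As an added example (not Cyber Centre or Fortinet code), the following Python triage helper classifies FortiWeb version strings from an asset inventory against the affected ranges in the table above, so that vulnerable devices can be prioritized for patching. The inventory and hostnames are constructed; it assumes FortiWeb versions are reported as dotted numeric strings such as "7.4.9".

```python
"""Classify FortiWeb versions against the CVE-2025-64446 affected ranges (added example)."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (branch, first affected, last affected, first fixed), taken from the alert's table.
AFFECTED_RANGES = [
    ("8.0", "8.0.0", "8.0.1", "8.0.2"),
    ("7.6", "7.6.0", "7.6.4", "7.6.5"),
    ("7.4", "7.4.0", "7.4.9", "7.4.10"),
    ("7.2", "7.2.0", "7.2.11", "7.2.12"),
    ("7.0", "7.0.0", "7.0.11", "7.0.12"),
]


def parse_version(text: str) -> Version:
    """'7.4.10' -> (7, 4, 10). Numeric tuples compare correctly, unlike strings
    ('7.4.9' > '7.4.10' as strings, which would hide a vulnerable device)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str) -> Dict[str, Optional[str]]:
    """Return status 'vulnerable', 'patched', 'unknown' (branch listed, version
    between the ranges) or 'not-listed' (branch absent from the alert)."""
    v = parse_version(version_text)
    branch = ".".join(str(x) for x in v[:2])
    for br, first, last, fixed in AFFECTED_RANGES:
        if br != branch:
            continue
        if parse_version(first) <= v <= parse_version(last):
            return {"version": version_text, "status": "vulnerable", "fix": fixed}
        if v >= parse_version(fixed):
            return {"version": version_text, "status": "patched", "fix": fixed}
        return {"version": version_text, "status": "unknown", "fix": fixed}
    return {"version": version_text, "status": "not-listed", "fix": None}


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, fixed-version) for every vulnerable device."""
    hits = []
    for host, ver in inventory:
        result = assess(ver)
        if result["status"] == "vulnerable":
            hits.append((host, ver, result["fix"] or ""))
    return hits


# Constructed inventory for demonstration; hostnames are placeholders.
SAMPLE_INVENTORY = [("waf-edge-1", "7.4.9"), ("waf-edge-2", "7.4.10"),
                    ("waf-lab", "8.0.1"), ("waf-legacy", "6.4.3")]
```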

The Cyber Centre strongly recommends that organizations follow Fortinet customer guidance for mitigation advice:

  • Apply the recommended update. If this is not possible, apply the following workaround:
    • Disable HTTP or HTTPS for internet-facing interfaces. Fortinet recommends taking this action until an upgrade can be performed.
  • Post-upgrade steps:
    • Review configurations and logs for unexpected modifications, including the addition of unauthorized administrator accounts.

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre's Top 10 IT Security Actions [Footnote 6], with an emphasis on the following topics:

  • Patch operating systems and applications
  • Segment and separate information
  • Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.
