CISA adds Fortinet FortiWeb vulnerability to Known Exploited Vulnerabilities Catalog
CISA has added a newly catalogued vulnerability affecting Fortinet FortiWeb to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw is a path traversal issue: input that should only select a file or resource beneath a fixed directory is allowed to walk outside it, which is a serious exposure on an internet-facing web application firewall such as FortiWeb.
The vulnerability is tracked as CVE-2025-64446 and affects Fortinet FortiWeb devices. The catalog entry is based on evidence of active exploitation; no other vulnerabilities were added in the same update.
Successful exploitation of a path traversal condition can give an attacker unauthorized access to, or the ability to manipulate, resources the affected system was meant to protect. The advisory notes that this vulnerability class is a frequent attack vector for malicious cyber actors and poses significant risk to enterprise networks.
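To make the vulnerability class concrete, the following is an added example written for this page. It is not FortiWeb code and is not derived from any detail of CVE-2025-64446 (the advisory publishes none). It places a naive path-joining handler beside a hardened resolver that decodes, normalizes and confines the result to the web root, and adds a small log-line heuristic that flags parent-directory segments in plain, URL-encoded and double-encoded form. The web root, file names and request paths are constructed for the example, and POSIX path semantics are assumed.

```python
"""Path traversal: a naive handler beside a hardened resolver, plus a log heuristic.

Added example for illustration only; not FortiWeb code and not derived from
CVE-2025-64446. The web root, files and request paths below are constructed.
Assumes POSIX path semantics (backslash is an ordinary filename character).
"""
import tempfile
import urllib.parse
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Constructed request paths, not taken from any real FortiWeb log.
SAMPLE_REQUESTS: List[str] = [
    "/static/logo.png",                                        # benign
    "/static/../../../etc/passwd",                             # plain traversal
    "/static/%2e%2e/%2e%2e/etc/passwd",                        # URL-encoded dots
    "/static/%252e%252e%252f%252e%252e%252fetc%252fpasswd",    # double-encoded
    "/static/..%5c..%5cwindows%5cwin.ini",                     # backslash separators
]


def vulnerable_resolve(web_root: Path, requested: str) -> Path:
    """Naive handler: decode once (as most web servers do before handing the
    path to the application) and concatenate under the web root. Nothing
    stops '..' segments from walking above the root."""
    return Path(str(web_root) + "/" + urllib.parse.unquote(requested))


def hardened_resolve(web_root: Path, requested: str) -> Optional[Path]:
    """Decode, normalize, then confine. Returns None when the request would
    escape the web root or carries characters that should never reach the
    filesystem layer."""
    # Decode twice so a double-encoded %252e%252e does not survive into the path.
    decoded = urllib.parse.unquote(urllib.parse.unquote(requested))
    # Reject NUL bytes and backslashes before any path arithmetic happens.
    if "\x00" in decoded or "\\" in decoded:
        return None
    root = web_root.resolve()
    # Join relative to the root, then resolve symlinks and '..' segments.
    candidate = (root / decoded.lstrip("/")).resolve()
    # Containment check on the resolved path, not on the raw string.
    if candidate != root and root not in candidate.parents:
        return None
    return candidate


def looks_like_traversal(raw_path: str) -> bool:
    """Detection heuristic for request logs: decode up to twice, treat
    backslashes as separators, and look for a '..' segment. Deliberately
    simple; it will not catch every filter-bypass spelling (e.g. '....//')."""
    decoded = raw_path
    for _ in range(2):
        decoded = urllib.parse.unquote(decoded)
    segments = decoded.replace("\\", "/").split("/")
    return ".." in segments


def flag_requests(requests: List[str] = SAMPLE_REQUESTS) -> List[str]:
    """Return the sample requests the heuristic would flag."""
    return [r for r in requests if looks_like_traversal(r)]


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Build a throwaway web root and run both resolvers over the samples.
    Returns {request: (naive_path_escapes_root, hardened_allows_request)}."""
    root = Path(tempfile.mkdtemp())
    (root / "static").mkdir()
    (root / "static" / "logo.png").write_bytes(b"png")  # constructed asset
    results: Dict[str, Tuple[bool, bool]] = {}
    for req in SAMPLE_REQUESTS:
        naive = vulnerable_resolve(root, req).resolve()
        naive_escapes = root.resolve() not in naive.parents
        hardened = hardened_resolve(root, req)
        results[req] = (naive_escapes, hardened is not None)
    return results


if __name__ == "__main__":
    for req, (escapes, allowed) in demo().items():
        print(f"{req:55} naive_escapes={escapes!s:5} hardened_allows={allowed}")
    print("flagged by log heuristic:", flag_requests())
```

The naive handler only escapes the root on the plain and single-encoded requests; the double-encoded and backslash forms happen to stay inside on a POSIX host, which is exactly why the hardened resolver rejects them up front instead of relying on where they land. The containment test is made on the resolved path so that symlinks and `..` segments are accounted for before the comparison, rather than by pattern-matching the raw string.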
The CISA advisory itself does not list fixes or patches for CVE-2025-64446; administrators should consult Fortinet's PSIRT advisory for the affected and fixed FortiWeb versions and apply the vendor's guidance. Listing in the catalog brings the vulnerability under Binding Operational Directive (BOD) 22-01, which mandates that federal networks remediate catalogued vulnerabilities.
Under BOD 22-01, federal civilian executive branch (FCEB) agencies must remediate vulnerabilities listed in the KEV Catalog by their assigned due dates. Although the directive binds only FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation of catalog entries as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog as they meet the specified criteria for known exploitation.