CISA adds one known exploited vulnerability to catalog
CISA has included a new security flaw in its Known Exploited Vulnerabilities (KEV) Catalog affecting Fortinet FortiWeb. This vulnerability involves a path traversal issue and has been observed being exploited in the wild.
The vulnerability, identified as CVE-2025-64446, affects Fortinet's FortiWeb product. It is a path traversal weakness that permits threat actors to reach file system locations they are not authorized to access. The vulnerability is triggered through interaction with the affected components. The advisory lists the issue specifically as a path traversal vulnerability in FortiWeb and distinguishes it from other flaws by its Common Vulnerabilities and Exposures (CVE) identifier.
The exploitation of this vulnerability may expose federal systems to unauthorized access or manipulation, posing risks to operational security. The advisory notes that such vulnerabilities have been frequently targeted by adversaries.
Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch agencies to remediate vulnerabilities cataloged in the KEV list. The directive sets deadlines for addressing these security issues to protect federal networks. Its fact sheet provides detailed information on the compliance requirements that apply to CVE-2025-64446.
CISA encourages all organizations, beyond those covered by BOD 22-01, to prioritize addressing vulnerabilities listed in the KEV Catalog as part of ongoing vulnerability management processes. Additional vulnerabilities meeting the specified criteria will be added to the catalog in the future.
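The KEV-driven prioritization CISA recommends is easiest to operationalize by matching the catalog feed against an asset inventory and tracking each entry's due date. The following is an added example, not code from CISA or the advisory. It assumes the field names of the public KEV JSON feed (`vulnerabilities`, `cveID`, `vendorProject`, `product`, `dueDate`); the feed document, the inventory, the dates and the second catalog entry are constructed placeholders, and only the CVE id, vendor and product of the first entry come from the advisory.

```python
import json
from datetime import date

# Constructed sample in the shape of the public KEV JSON feed. Field names follow
# the real feed; dates and the second entry are placeholders, not catalog data.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-64446",
            "vendorProject": "Fortinet",
            "product": "FortiWeb",
            "vulnerabilityName": "Fortinet FortiWeb Path Traversal Vulnerability",
            "dateAdded": "2025-01-15",   # placeholder, not the advisory's date
            "dueDate": "2025-02-05",     # placeholder, not the advisory's due date
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-00000",   # placeholder entry for an unrelated product
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "ExampleProduct Example Vulnerability",
            "dateAdded": "2025-01-01",
            "dueDate": "2025-01-22",
            "knownRansomwareCampaignUse": "Known",
        },
    ],
})

# Constructed asset inventory: hosts and the vendor/product each one runs.
SAMPLE_INVENTORY = [
    {"host": "waf-edge-01", "vendor": "Fortinet", "product": "FortiWeb"},
    {"host": "waf-edge-02", "vendor": "Fortinet", "product": "FortiWeb"},
    {"host": "db-01", "vendor": "SomeOtherVendor", "product": "Database"},
]


def _norm(value):
    """Normalize vendor/product strings so 'FortiWeb' and 'fortiweb ' compare equal."""
    return value.strip().casefold()


def match_kev_to_inventory(kev_feed_json, inventory, today_iso):
    """Return one finding per (host, KEV entry) whose vendor and product match.

    Each finding carries the catalog due date, whether it has already passed on
    today_iso (an ISO date string), and the number of days until (or since) it.
    Findings are sorted so the earliest due date comes first.
    """
    today = date.fromisoformat(today_iso)
    feed = json.loads(kev_feed_json)

    # Index the catalog by normalized (vendor, product) for cheap lookups.
    by_product = {}
    for entry in feed["vulnerabilities"]:
        key = (_norm(entry["vendorProject"]), _norm(entry["product"]))
        by_product.setdefault(key, []).append(entry)

    findings = []
    for asset in inventory:
        key = (_norm(asset["vendor"]), _norm(asset["product"]))
        for entry in by_product.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "overdue": today > due,
                "days_until_due": (due - today).days,
            })

    findings.sort(key=lambda f: (f["dueDate"], f["host"]))
    return findings


if __name__ == "__main__":
    for finding in match_kev_to_inventory(SAMPLE_KEV_FEED, SAMPLE_INVENTORY, "2025-02-01"):
        status = "OVERDUE" if finding["overdue"] else f"due in {finding['days_until_due']} days"
        print(f"{finding['host']}: {finding['cveID']} ({status})")
```

In practice the feed would be fetched from CISA and the inventory pulled from a CMDB or scanner export; the matching logic stays the same, and the `overdue` flag is what a BOD 22-01 compliance report or ticket queue would key on.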