CVE-2025-64446
Is CVE-2025-64446 real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Community ground truth
Community verdict
2 verdicts.
In line with its CVSS base score.
Related CVEs
Same weakness — CWE-23.
- CVE-2024-27199: CVSS 7.3, KEV, EPSS 100%
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
- CVE-2020-5410: CVSS 7.5, KEV, EPSS 96%
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
- CVE-2021-40870: CVSS 9.8, KEV, EPSS 92%
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.