CVE-2025-64446
CRITICAL | KEV | RANSOMWARE | NUCLEI
Fortinet FortiWeb unauthenticated RCE
Title source: metasploit
Exploitation Summary
CVE-2025-64446 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 14, 2025, with confirmed use in ransomware campaigns.
EIP tracks 22 public exploits from researchers including Mohammed Idrees Banyamer, nu11secur1ty and sensepost, among them a Metasploit module (exploits/linux/http/fortinet_fortiweb_rce).
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit demonstrates a multi-stage attack against FortiWeb, combining authentication bypass via path traversal, arbitrary file upload, and remote code execution to achieve a root reverse shell. The PoC automates the creation of a temporary admin user, uploads a malicious PHP shell, and triggers execution.
Description
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Exploits (22)
This exploit demonstrates a multi-stage attack against FortiWeb, combining authentication bypass via path traversal, arbitrary file upload, and remote code execution to achieve a root reverse shell. The PoC automates the creation of a temporary admin user, uploads a malicious PHP shell, and triggers execution.
The provided content lacks actual exploit code and instead directs users to external links (Patreon) for payloads and demos, which is a common tactic for monetization or malware distribution. The technical details are vague and do not include specific exploit mechanics.
This repository contains a Python-based scanner for detecting the FortiWeb authentication bypass vulnerability (CVE-2025-64446). The scanner checks for specific response patterns indicative of the vulnerability, including a 200 OK response with a JSON payload containing an errcode of '0' and a message of '(null)', or a 403 Forbidden response that may indicate a patched or partially patched system.
This exploit targets CVE-2025-64446 in FortiWeb WAF, allowing unauthenticated creation of admin users via a path traversal vulnerability in the API endpoint. The PoC sends a crafted POST request to create a local admin user with a random password.
This repository contains a functional exploit for chaining CVE-2025-64446 (authentication bypass via relative path traversal) and CVE-2025-58034 (authenticated OS command injection) to achieve unauthenticated remote code execution with root privileges on Fortinet FortiWeb appliances.
This repository contains a Python-based exploit for CVE-2025-64446, a path traversal vulnerability in FortiWeb devices. The exploit can verify the vulnerability and execute CGI endpoint manipulation to create/modify user accounts.
This repository contains a writeup for CVE-2025-64446, a critical path traversal vulnerability in Fortinet FortiWeb that allows administrative command execution. The README describes the vulnerability and provides usage instructions for scanning and exploitation scripts, though the actual exploit code is not included in the provided files.
This PoC exploits CVE-2025-64446, a FortiWeb vulnerability combining path traversal and authentication bypass to create an admin user via a single HTTP request. The exploit sends a crafted POST request to an internal CGI handler, bypassing authentication and achieving RCE.
The repository claims to provide a PoC for CVE-2025-64446 but lacks actual exploit code, instead referencing external scripts (poc.py, exploit.py) not included in the repo. The README is vague and does not provide technical details about the vulnerability.
This repository contains a Python-based exploit for CVE-2025-64446, a critical path traversal vulnerability in Fortinet FortiWeb WAF. The exploit includes automated detection, path traversal testing, and remote code execution capabilities.
This repository provides a detailed technical analysis of CVE-2025-64446, a critical unauthenticated path traversal vulnerability in FortiWeb. It includes root cause analysis, affected versions, mitigation strategies, and detection methods, but does not contain functional exploit code.
This repository provides a detailed technical analysis of CVE-2025-64446, a critical unauthenticated path traversal vulnerability in FortiWeb. It includes root cause analysis, affected versions, mitigation strategies, and detection methods, but does not contain functional exploit code.
This repository provides a detailed technical analysis of CVE-2025-64446 (authentication bypass via path traversal) and CVE-2025-58034 (OS command injection) in FortiWeb. It includes exploit payloads, affected versions, and mitigation steps, but lacks complete functional exploit code.
The repository provides a detailed technical analysis of CVE-2025-64446 (Path Traversal) and CVE-2025-58034 (Command Injection) in FortiWeb, including root cause analysis, exploit mechanics, and proof-of-concept payloads. It explains how unauthenticated attackers can create admin accounts via path traversal and how authenticated users can achieve RCE via command injection.
The repository provides a detailed technical analysis of CVE-2025-64446 (path traversal leading to admin account creation) and CVE-2025-58034 (command injection for RCE) in FortiWeb. It includes root cause analysis, exploit payloads, and screenshots but lacks direct executable exploit code.
This repository provides a detailed writeup on CVE-2025-64446 (authentication bypass via relative path traversal) and CVE-2025-58034 (OS command injection in FortiWeb). It includes technical details, affected versions, and references to a PoC exploit but does not contain actual exploit code.
The repository contains only a README.md with a title and no substantive content or exploit code. No technical details or proof-of-concept are provided.
This PoC exploits an unauthenticated RCE vulnerability in FortiWeb via path traversal and CGI authentication bypass. It sends a crafted JSON payload with a malicious comment field to trigger remote command execution.
This Metasploit module exploits an authentication bypass (CVE-2025-64446) via path traversal to create an admin account, then leverages a command injection (CVE-2025-58034) for root RCE on Fortinet FortiWeb. It includes detailed version targeting, payload handling, and post-exploitation logic.
This repository contains a functional exploit PoC that chains CVE-2025-64446 (authentication bypass via relative path traversal) and CVE-2025-58034 (authenticated OS command injection) to achieve unauthenticated remote code execution on Fortinet FortiWeb appliances. The exploit creates an administrative account and then leverages it to execute arbitrary commands as root.
This repository contains a functional exploit for an authentication bypass vulnerability in FortiWeb. The script sends a crafted POST request to create a new admin user via a path traversal vulnerability in the API endpoint.
This Metasploit module exploits an authentication bypass via path traversal in Fortinet FortiWeb to create a new local admin account. It leverages a vulnerability in the management interface to send a crafted POST request, bypassing authentication and adding a new administrator.
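The scanner entry above describes the response patterns it keys on (HTTP 200 with a JSON body whose errcode is 0 and whose message is "(null)", versus a 403), and the description classifies the bug as relative path traversal (CWE-23) against the management HTTP/HTTPS interface. The block below is an added defensive example, not code from this page, from any of the listed PoCs, or from Fortinet: it scans Common Log Format access lines for dot-dot segments that resolve outside the API prefix, and it buckets a probe response using exactly the patterns the scanner entry lists. The API prefix, the `/example/handler` target and the log lines are constructed for the example and are not the appliance's real routes.

```python
"""Added example for CVE-2025-64446 triage. Not the page's or any PoC's code.

Two offline checks:
  1. flag_traversal(): find access-log requests whose decoded path contains a
     '..' segment and report whether the resolved path escapes the API prefix,
     the relative-path-traversal (CWE-23) class the description names.
  2. classify_probe_response(): sort a probe response into the buckets the
     scanner entry on this page describes (200 + errcode 0 + '(null)' vs 403).
Assumptions: logs are in Common Log Format; the management API lives under
API_PREFIX; every path and log line below is constructed, not a real route.
"""
import json
import posixpath
import re
from urllib.parse import unquote

API_PREFIX = "/api/"  # assumption for the example, not the real layout

# Common Log Format: ip ident user [ts] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def normalize_path(raw: str) -> str:
    """Strip the query string, percent-decode twice (catches %252e double
    encoding), then collapse '.' and '..' like a naive server would."""
    path = raw.split("?", 1)[0]
    decoded = unquote(unquote(path))
    return posixpath.normpath(decoded)


def flag_traversal(log_lines):
    """Return one record per request whose decoded path carries a '..'
    segment. escapes_api is True when the request started under API_PREFIX
    but resolves to a path outside it, which is the pattern to escalate."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        raw = m.group("path")
        decoded = unquote(unquote(raw.split("?", 1)[0]))
        if ".." not in decoded:
            continue
        resolved = normalize_path(raw)
        hits.append({
            "ip": m.group("ip"),
            "method": m.group("method"),
            "raw_path": raw,
            "resolved": resolved,
            "escapes_api": decoded.startswith(API_PREFIX)
            and not resolved.startswith(API_PREFIX),
            "status": int(m.group("status")),
        })
    return hits


def classify_probe_response(status: int, body: str) -> str:
    """Bucket a probe response. 'vulnerable-pattern' needs all of: HTTP 200,
    a JSON object, errcode 0 (int or string), message '(null)'. A 403 is
    'patched-or-blocked'. Anything else is 'inconclusive', so a WAF error
    page or an unrelated 200 is never reported as vulnerable."""
    if status == 403:
        return "patched-or-blocked"
    if status != 200:
        return "inconclusive"
    try:
        data = json.loads(body)
    except ValueError:
        return "inconclusive"
    if not isinstance(data, dict):
        return "inconclusive"
    if str(data.get("errcode")) == "0" and data.get("message") == "(null)":
        return "vulnerable-pattern"
    return "inconclusive"


# Constructed sample log lines (not real traffic; /example/handler is made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Nov/2025:10:01:02 +0000] "GET /api/v2.0/system/status HTTP/1.1" 401 0',
    '203.0.113.5 - - [14/Nov/2025:10:01:03 +0000] "POST /api/v2.0/../../example/handler HTTP/1.1" 200 31',
    '198.51.100.7 - - [14/Nov/2025:10:02:10 +0000] "POST /api/v2.0/%2e%2e/%2e%2e/example/handler HTTP/1.1" 403 0',
    '198.51.100.7 - - [14/Nov/2025:10:02:11 +0000] "GET /api/v2.0/../v2.0/system/status HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE_LOG):
        print(hit)
    print(classify_probe_response(200, '{"errcode": 0, "message": "(null)"}'))
```

On the sample above, the two requests that resolve to /example/handler are reported with escapes_api set, while the dot-dot request that stays under /api/ is listed but not escalated; the third request shows why the scanner's 403 bucket is only "patched or blocked" and not "not vulnerable", since the same traversal may be answered by an upstream WAF rather than the appliance.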
Nuclei Templates (1)
title:"FortiWeb - "
References (3)
Scores
CVSS 3.1 base score 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H