Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.

An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.

The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.