Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks

Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being ...

Fortinet FortiWeb flaw with public PoC exploited to create admin users

A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed ...
American Hospital Association

H-ISAC TLP White Vulnerability Bulletin: Zero-Day Exploitation of Fortinet FortiWeb Path Traversal Flaw

On October 6, 2025, security researchers at Defused reported a path traversal flaw in Fortinet’s FortiWeb web application firewall (WAF) being exploited in-the-wild as a zero-day since October 2025.