Key Findings

- A critical vulnerability in Fortinet's FortiWeb Web Application Firewall (WAF) product allows unauthenticated attackers to gain administrative-level access.
- The flaw has been observed actively exploited in the wild since October 2025.
- A public Proof-of-Concept (PoC) exploit exists, raising the likelihood of widespread exploitation.
- Organizations using vulnerable versions of FortiWeb are advised to take emergency remediation steps.

Background

On October 6, 2025, c