Honeypot: FortiWeb CVE-2025-64446 Exploits

    Published: 2025-11-15. Last Updated: 2025-11-15 09:44:35 UTC
    by Didier Stevens (Version: 1)
    0 comment(s)

    Like many have reported, we too noticed exploit attempts for CVE-2025-64446 in our honeypots.

    These are POST requests to this path:

    With this User Agent String:

    And this is the data of the POST request:

    This creates a new admin user (profile: prof_admin).

    You can find this JSON data back in this PoC.

     

    Didier Stevens
    Senior handler
    blog.DidierStevens.com

    Keywords:
    0 comment(s)

      Comments

      Login here to join the discussion.


      Diary Archives