Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage

(The Digital Artist / Pixabay)

By Matt Kapko

Federal authorities and researchers alerted organizations Friday to a massively exploited vulnerability in Fortinet’s web application firewall. 

While the actively exploited critical defect poses significant risk to Fortinet’s customers, researchers are particularly agitated about the vendor’s delayed communications and, ultimately, post-exploitation warnings about the vulnerability.

Fortinet addressed CVE-2025-64446 in a software update pushed Oct. 28, but did not assign the flaw a CVE or publicly disclose its existence until last week — 17 days later — when the company also confirmed the vulnerability has been exploited in the wild.

Read more at CyberScoop

Click to listen highlighted text!