This week's update highlights enhancements to detection signatures that improve coverage for vulnerabilities in FortiWeb linked to CVE-2025-64446, alongside new detection logic that expands protection against PHP Wrapper Injection techniques.
Key Findings
CVE-2025-64446 enables an unauthenticated attacker to bypass access controls by abusing the CGIINFO header. The latest update strengthens detection logic to ensure reliable identification of crafted requests attempting to exploit this flaw.
Impact
- FortiWeb (CVE-2025-64446): Exploitation allows a remote unauthenticated adversary to circumvent authentication mechanisms by sending a manipulated CGIINFO header to FortiWeb’s backend CGI handler. Successful exploitation grants unintended access to restricted administrative functionality, potentially enabling configuration tampering or system-level actions.
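
One way to hunt for the request pattern described above in your own request logs, as an added example that is not Cloudflare's rule logic: it flags any logged request carrying a CGIINFO header, matching the name case-insensitively. The JSON-lines log format, the field names and the sample records are constructed assumptions.

```python
import json
from collections import Counter

# Header named in the advisory; HTTP header names are case-insensitive.
SUSPECT_HEADER = "cgiinfo"

# Constructed sample log (JSON lines). Field names and values are assumptions.
SAMPLE_LOG = """\
{"ts": "2025-11-17T10:00:01Z", "client_ip": "198.51.100.7", "path": "/", "headers": {"User-Agent": "Mozilla/5.0"}}
{"ts": "2025-11-17T10:00:05Z", "client_ip": "203.0.113.44", "path": "/example", "headers": {"CGIINFO": "<placeholder>"}}
{"ts": "2025-11-17T10:00:09Z", "client_ip": "203.0.113.44", "path": "/example", "headers": [["Host", "waf.example"], ["cgiinfo ", "<placeholder>"]]}
this line is truncated and is not valid JSON
{"ts": "2025-11-17T10:00:12Z", "client_ip": "198.51.100.7", "path": "/", "headers": {"Accept": "*/*"}}
"""

def header_names(headers):
    """Return lower-cased header names from a dict or a list of [name, value] pairs."""
    if isinstance(headers, dict):
        names = headers.keys()
    elif isinstance(headers, list):
        names = [p[0] for p in headers if isinstance(p, (list, tuple)) and p]
    else:
        names = []  # header data missing or in an unexpected shape
    return {str(n).strip().lower() for n in names}

def find_suspect_requests(log_text):
    """Return (records carrying the suspect header, count of unparseable lines)."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count, do not silently drop: gaps in logs matter in triage
            continue
        if isinstance(rec, dict) and SUSPECT_HEADER in header_names(rec.get("headers")):
            hits.append(rec)
    return hits, skipped

def summarize(hits):
    """Count flagged requests per client IP for triage."""
    return Counter(rec.get("client_ip", "unknown") for rec in hits)

if __name__ == "__main__":
    hits, skipped = find_suspect_requests(SAMPLE_LOG)
    for rec in hits:
        print(rec["ts"], rec["client_ip"], rec["path"])
    print("per-client:", dict(summarize(hits)), "unparseable lines:", skipped)
```
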
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | b957ace6e9844bf29244401c4e2e1a2e | N/A | FortiWeb – Authentication Bypass via CGIINFO Header – CVE:CVE-2025-64446 | Log | Block | This is a new detection |
| Cloudflare Managed Ruleset | e3871391a93248fa98a78e03b6c44ed5 | N/A | PHP Wrapper Injection – Body – Beta | Log | Disabled | This rule has been merged into the original rule “PHP Wrapper Injection – Body” (ID: fae6fa37ae9249d58628e54b1a3e521e) |
| Cloudflare Managed Ruleset | e6b1b66e0e3b46969102baed900f4015 | N/A | PHP Wrapper Injection – URI – Beta | Log | Disabled | This rule has been merged into the original rule “PHP Wrapper Injection – URI” (ID: 9c02e585db34440da620eb668f76bd74) |
Source: Cloudflare