Resources

Honeypot: FortiWeb CVE-2025-64446 Exploits, (Sat, Nov 15th)

Like many have reported, we too noticed exploit attempts for CVE-2025-64446 in our honeypots.

These are POST requests to this path:

With this User Agent String:

And this is the data of the POST request:

This creates a new admin user (profile: prof_admin).

You can find this JSON data back in this PoC.

Didier Stevens
Senior handler
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Related resources

19 March 2026

ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

30 October 2025

X-Request-Purpose: Identifying “research” and bug bounty related scans?, (Thu, Oct 30th)

This week, I noticed some new HTTP request headers that I had not seen before: X-Request-Purpose: Research and X-Hackerone-Research: plusultra X-Bugcrowd-Ninja: plusultra X-Bug-Hunter: true The purpose of these headers appears […]

12 January 2026

ISC Stormcast For Monday, January 12th, 2026 https://isc.sans.edu/podcastdetail/9762, (Mon, Jan 12th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Friday Squid Blogging: Pilot Whales Eat a Lot of Squid

TR-25-0396 (Optimus Yazılım – Aracı Kurum Otomasyonu Güvenlik Bildirimi)

Resources

Honeypot: FortiWeb CVE-2025-64446 Exploits, (Sat, Nov 15th)

Related resources

ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)

X-Request-Purpose: Identifying “research” and bug bounty related scans?, (Thu, Oct 30th)

ISC Stormcast For Monday, January 12th, 2026 https://isc.sans.edu/podcastdetail/9762, (Mon, Jan 12th)

Links

Enterprise Solutions

SMB Solutions

Contact Us

Follow Us