Rewterz


Multiple Fortinet Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-64153 CVSS:7.2

Fortinet FortiExtender may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request, caused by an OS command injection vulnerability.

CVE-2025-57823 CVSS:2.7

Fortinet FortiAuthenticator may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints, caused by a direct request vulnerability.

CVE-2025-64471 CVSS:4.9

Fortinet FortiWeb may allow an attacker to use the hash in place of the password to authenticate using specially crafted HTTP/HTTPS requests, caused by a use of password hash instead of password for authentication vulnerability.

CVE-2025-60024 CVSS:8.8

Fortinet FortiVoice may allow a privileged authenticated attacker to write arbitrary files via specifically crafted HTTP or HTTPS commands, caused by a directory traversal vulnerability.

CVE-2025-64447 CVSS:7.1

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies. The attack requires prior knowledge of the FortiWeb serial number.

Impact

  • Gain Access
  • Security Bypass
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-64153
  • CVE-2025-57823
  • CVE-2025-64471
  • CVE-2025-60024
  • CVE-2025-64447

Affected Vendors

  • Fortinet

Affected Products

  • Fortinet FortiWeb 8.0.0
  • Fortinet FortiVoice 7.2.0
  • Fortinet FortiAuthenticator 6.6.0
  • Fortinet FortiExtender 7.6.0
  • Fortinet FortiWeb 8.0.0 - 8.0.1
  • Fortinet FortiWeb 7.6.0 - 7.6.5
  • Fortinet FortiWeb 7.4.0 - 7.4.10
  • Fortinet FortiWeb 7.2.0 - 7.2.11
  • Fortinet FortiWeb 7.0.0 - 7.0.11
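
One way to triage an asset inventory against the list above (an added example, not code from Rewterz or Fortinet). The version ranges are copied from this advisory and single versions are treated as exact matches; the hostnames and inventory rows are constructed, and Fortinet's own advisories remain the authority on affected builds. Versions are compared numerically because a plain string comparison would sort 7.4.10 before 7.4.9.

```python
# Version ranges as listed under "Affected Products" in this advisory.
AFFECTED = {
    "FortiWeb": ["8.0.0", "8.0.0 - 8.0.1", "7.6.0 - 7.6.5", "7.4.0 - 7.4.10",
                 "7.2.0 - 7.2.11", "7.0.0 - 7.0.11"],
    "FortiVoice": ["7.2.0"],
    "FortiAuthenticator": ["6.6.0"],
    "FortiExtender": ["7.6.0"],
}

def parse_version(text):
    """Turn '7.4.10' or 'v7.4.10' into (7, 4, 10) for numeric comparison."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def parse_range(spec):
    """'7.4.0 - 7.4.10' -> (low, high); a single version is an exact match."""
    low, _, high = spec.partition(" - ")
    return parse_version(low), parse_version(high or low)

def is_affected(product, version):
    """True if product/version falls inside a range listed by the advisory."""
    name = product.replace("Fortinet", "").strip().lower()
    specs = next((s for p, s in AFFECTED.items() if p.lower() == name), None)
    if specs is None:
        return False  # product not covered by this advisory
    current = parse_version(version)
    return any(lo <= current <= hi for lo, hi in map(parse_range, specs))

def triage(inventory):
    """Return hosts that match the advisory or need a manual version check."""
    flagged = []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # listed product, unknown version: review by hand
    return flagged

# Constructed sample inventory; hostnames are hypothetical.
SAMPLE = [("waf-01", "FortiWeb", "7.4.10"), ("waf-02", "FortiWeb", "7.4.11"),
          ("waf-03", "Fortinet FortiWeb", "v7.0.9"), ("voice-01", "FortiVoice", "7.2.1"),
          ("auth-01", "FortiAuthenticator", "6.6.0"),
          ("ext-01", "FortiExtender", "build-unknown")]

if __name__ == "__main__":
    print(triage(SAMPLE))
```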

Remediation

Refer to the Fortinet Security Advisory for each CVE for patch, upgrade or suggested workaround information.

  • CVE-2025-64153
  • CVE-2025-57823
  • CVE-2025-64471
  • CVE-2025-60024
  • CVE-2025-64447
