Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks.
Tracked as CVE-2025-58034, this web application firewall security flaw was reported by Jason McFadyen of Trend Micro's Trend Research team.
Authenticated threat actors can gain code execution by successfully exploiting this OS command injection vulnerability in low-complexity attacks that don't require user interaction.
"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands," Fortinet said.
"Fortinet has observed this to be exploited in the wild," the American cybersecurity company noted in a Tuesday security advisory.
To block incoming attacks, admins are advised to upgrade their FortiWeb devices to the latest available software released today.
Version Affected Solution FortiWeb 8.0 8.0.0 through 8.0.1 Upgrade to 8.0.2 or above FortiWeb 7.6 7.6.0 through 7.6.5 Upgrade to 7.6.6 or above FortiWeb 7.4 7.4.0 through 7.4.10 Upgrade to 7.4.11 or above FortiWeb 7.2 7.2.0 through 7.2.11 Upgrade to 7.2.12 or above FortiWeb 7.0 7.0.0 through 7.0.11 Upgrade to 7.0.12 or above
Last week, Fortinet also confirmed that it silently patched another massively exploited FortiWeb zero-day (CVE-2025-64446) on October 28, three weeks after the threat intel firm Defused first reported active exploitation.
According to Defused, attackers are using HTTP POST requests to create new admin-level accounts on Internet-exposed devices.
On Friday, CISA also added CVE-2025-64446 to its catalog of actively exploited vulnerabilities and ordered U.S. federal agencies to secure their systems by November 21.
... continue reading