Ethical Hacking News
A new Fortinet zero-day vulnerability has been discovered, allowing authenticated attackers to execute unauthorized code on systems via crafted HTTP requests or CLI commands. The vulnerability is being actively exploited in the wild, prompting Fortinet to issue a security update and recommend upgrades to affected versions of its FortiWeb solution.
Fortinet has issued a security update to patch a zero-day vulnerability in its FortiWeb web application firewall. The vulnerability, CVE-2025-58034, is an OS command injection flaw that allows authenticated attackers to execute unauthorized code. The exploit is being actively used by threat actors to gain unauthorized access to systems. Fortinet recommends upgrading to the latest available software release (version 8.0.2 or above) for affected versions. The vulnerabilities highlight the importance of prioritizing software updates and patch management to prevent exploitation.
Fortinet has issued a security update to patch a new zero-day vulnerability in its FortiWeb web application firewall, which threat actors are actively exploiting in attacks. The vulnerability, tracked as CVE-2025-58034, is an OS command injection flaw that allows authenticated attackers to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
This latest vulnerability comes on the heels of another Fortinet zero-day vulnerability, CVE-2025-64446, which was discovered by cybersecurity firm Defused and confirmed by Fortinet earlier this month. The previous vulnerability allowed attackers to create new admin-level accounts on Internet-exposed devices using HTTP POST requests.
Fortinet has observed that both vulnerabilities are being actively exploited in the wild, with threat actors leveraging the command injection flaws to gain unauthorized access to systems. According to Fortinet, these vulnerabilities have significant implications for organizations that rely on its FortiWeb solution to protect against web-based threats.
In light of this new vulnerability, Fortinet has released a security advisory recommending that customers upgrade their FortiWeb devices to the latest available software release. The advisory specifies the affected versions and recommends that users upgrade to version 8.0.2 or above for FortiWeb 8.0, version 7.6.6 or above for FortiWeb 7.6, and so on for other supported versions.
The exploitation of these vulnerabilities highlights the ongoing threat landscape in the cybersecurity world. As organizations continue to rely on complex technology systems to protect against cyber threats, it is essential that they prioritize software updates and patch management to prevent the exploitation of known vulnerabilities.
Moreover, the fact that both Fortinet zero-day vulnerabilities were discovered and exploited so quickly underscores the importance of continuous monitoring and threat intelligence. Cybersecurity firms like Trend Micro's Trend Research team play a crucial role in identifying and reporting on these vulnerabilities, helping organizations stay one step ahead of malicious actors.
In conclusion, the new FortiWeb zero-day vulnerability serves as a reminder of the ongoing need for cybersecurity awareness and vigilance. Organizations must prioritize software updates, patch management, and threat intelligence to protect against the latest threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Fortinet-Sounds-Alarm-on-New-FortiWeb-Zero-Day-Vulnerability-A-Growing-Concern-for-Cybersecurity-ehn.shtml
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortiweb-zero-day-exploited-in-attacks/
https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
https://www.csoonline.com/article/4091939/fortinets-silent-patch-sparks-alarm-as-a-critical-fortiweb-flaw-is-exploited-in-the-wild.html
https://nvd.nist.gov/vuln/detail/CVE-2025-58034
https://www.cvedetails.com/cve/CVE-2025-58034/
https://nvd.nist.gov/vuln/detail/CVE-2025-64446
https://www.cvedetails.com/cve/CVE-2025-64446/
Published: Tue Nov 18 13:09:09 2025 by llama3.2 3B Q4_K_M
