Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Posted on By CWS

Fortinet on Tuesday introduced patches for 17 vulnerabilities, together with a zero-day resolved with the most recent FortiWeb updates.

Tracked as CVE-2025-58034 (CVSS rating of 6.7), the bug is described as an OS command injection subject that may be exploited by authenticated attackers to execute arbitrary code on the underlying system, through crafted HTTP requests or CLI instructions.

“Fortinet has noticed this to be exploited within the wild,” the seller notes in its advisory, with out offering particulars on the assaults.

That is the second FortiWeb zero-day publicly disclosed inside per week, after the corporate confirmed on November 14 that CVE-2025-64446 (CVSS rating of 9.1), a critical-severity path traversal subject, had been focused in assaults.

Fortinet patched each exploited vulnerabilities in FortiWeb variations 8.0.2, 7.6.6, 7.4.11, 7.2.12, and seven.0.12. Customers ought to replace their deployments as quickly as attainable.

Concurrently with Fortinet’s advisory on the second zero-day, the US cybersecurity company CISA added the safety defect to its Recognized Exploited Vulnerabilities (KEV) catalog, urging federal businesses to patch it inside per week.

The quick patching window granted by CISA underlines the significance of exploited FortiWeb bugs. Per Binding Operational Directive (BOD) 22-01, federal businesses sometimes have three weeks to resolve flaws newly added to KEV.

Of the remaining 16 vulnerabilities Fortinet disclosed on Tuesday, three are high-severity flaws in FortiClient Home windows (CVE-2025-47761 and CVE-2025-46373) and FortiVoice (CVE-2025-58692) that would result in the execution of arbitrary code or instructions.Commercial. Scroll to proceed studying.

The corporate additionally addressed medium- and low-severity bugs in FortiExtender, FortiMail, FortiPAM, FortiSandbox, FortiClientWindows, FortiADC, FortiOS, FortiSwitchManager, FortiProxy, and FortiWeb.

Apart from CVE-2025-58034, Fortinet makes no point out of any of those safety defects being exploited within the wild. Further info might be discovered on the corporate’s safety advisories web page.

Associated: Fortinet Confirms Lively Exploitation of Crucial FortiWeb Vulnerability

Associated: Chrome 142 Replace Patches Exploited Zero-Day

Associated: Widespread Exploitation of XWiki Vulnerability Noticed

Associated: Crucial WatchGuard Firebox Vulnerability Exploited in Assaults

Security Week News Tags:, , , , ,

Related Posts

Vulnerabilities Patched by Juniper, VMware and Zoom  Security Week News
OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking Security Week News
In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware Security Week News
MITRE Updates List of Most Common Hardware Weaknesses Security Week News
Dropzone AI Raises $37 Million for Autonomous SOC Analyst Security Week News
Alleged Chinese State Hacker Wanted by US Arrested in Italy Security Week News