Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Posted on November 19, 2025 By CWS

Fortinet on Tuesday announced patches for 17 vulnerabilities, including a zero-day resolved with the latest FortiWeb updates.

Tracked as CVE-2025-58034 (CVSS score of 6.7), the bug is described as an OS command injection issue that can be exploited by authenticated attackers to execute arbitrary code on the underlying system, through crafted HTTP requests or CLI commands.

“Fortinet has noticed this to be exploited in the wild,” the vendor notes in its advisory, without providing details on the attacks.

This is the second FortiWeb zero-day publicly disclosed within a week, after the company confirmed on November 14 that CVE-2025-64446 (CVSS score of 9.1), a critical-severity path traversal issue, had been targeted in attacks.

Fortinet patched both exploited vulnerabilities in FortiWeb versions 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12. Users should update their deployments as soon as possible.

Concurrently with Fortinet’s advisory on the second zero-day, the US cybersecurity agency CISA added the security defect to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within a week.

The short patching window granted by CISA underlines the significance of exploited FortiWeb bugs. Per Binding Operational Directive (BOD) 22-01, federal agencies typically have three weeks to resolve flaws newly added to KEV.

Of the remaining 16 vulnerabilities Fortinet disclosed on Tuesday, three are high-severity flaws in FortiClient Windows (CVE-2025-47761 and CVE-2025-46373) and FortiVoice (CVE-2025-58692) that could lead to the execution of arbitrary code or commands.

The company also addressed medium- and low-severity bugs in FortiExtender, FortiMail, FortiPAM, FortiSandbox, FortiClientWindows, FortiADC, FortiOS, FortiSwitchManager, FortiProxy, and FortiWeb.

Aside from CVE-2025-58034, Fortinet makes no mention of any of these security defects being exploited in the wild. Additional information can be found on the company’s security advisories page.
