Fortinet patches actively exploited FortiWeb vulnerability
Take action: If you are running FortiWeb firewalls, plan a very quick patch. The flaw is actively exploited as a second stage attack, after gaining access to credentials for the firewall. So isolating the system won't help. Work with your admin team to increase awareness of phishing, malware and other first stage attacks, but also update the FortiWeb. Everyone can be eventually hacked.
Learn More
Fortinet has released security updates to patch an actively exploited vulnerability in its FortiWeb web application firewall.
The vulnerability is as CVE-2025-58034 (CVSS score 7.2), is an OS command injection that allows authenticated attackers to execute unauthorized code on the underlying system through crafted HTTP requests or CLI commands, potentially leading to system compromise.
Trend Research of Trend Micro confirmed that the flaw has been exploited in approximately 2,000 detected attacks so far. Fortinet has confirmed active exploitation in the wild.
Affected versions of FortiWeb are FortiWeb 8.0 (versions 8.0.0 through 8.0.1), FortiWeb 7.6 (versions 7.6.0 through 7.6.5), FortiWeb 7.4 (versions 7.4.0 through 7.4.10), FortiWeb 7.2 (versions 7.2.0 through 7.2.11), and FortiWeb 7.0 (versions 7.0.0 through 7.0.11).
Fortinet has released patches across all affected version branches. Administrators should upgrade their FortiWeb instances to the following versions:
- FortiWeb 8.0.2 or above for the 8.0 branch,
- FortiWeb 7.6.6 or above for the 7.6 branch,
- FortiWeb 7.4.11 or above for the 7.4 branch,
- FortiWeb 7.2.12 or above for the 7.2 branch,
- FortiWeb 7.0.12 or above for the 7.0 branch.
Just last week, Fortinet confirmed it had silently patched another FortiWeb zero-day (CVE-2025-64446) on October 28, which attackers were using to create admin-level accounts on Internet-exposed devices through HTTP POST requests.
