Fortinet has released an urgent security advisory addressing a newly discovered zero-day vulnerability, CVE-2025-58034, in its FortiWeb web application firewall platform, after evidence emerged of active exploitation in the wild.
The flaw, characterized as improper neutralization of special elements used in OS commands (CWE-78), enables authenticated attackers to execute unauthorized code or commands on targeted devices via crafted HTTP requests or through the platform’s CLI interface.
Security researchers, including Jason McFadyen from Trend Research at Trend Micro, are credited with responsibly reporting the vulnerability, which Fortinet published on November 18 alongside mitigation steps.
The vulnerability affects multiple versions, including FortiWeb 8.0 (up to 8.0.1), 7.6 (up to 7.6.5), 7.4 (up to 7.4.10), 7.2 (up to 7.2.11), and 7.0 (up to 7.0.11).
If exploited, attackers could gain the ability to run arbitrary code with system-level privileges, significantly compromising device integrity, potentially pivoting deeper into network environments, and modifying or disabling web protections.
The vulnerability is classified as medium severity with a CVSSv3 score of 6.7 according to Fortinet, though several external researchers have noted comparable path traversal flaws for FortiWeb this month carry critical scores due to unauthenticated access vectors.
Reports from security analysts and organizations such as Rapid7 and Defused have tracked in-the-wild exploitation since early October, including public postings of proof-of-concept code on underground forums.
Attacks have already targeted internet-facing FortiWeb panels, with successful exploitation enabling attackers to automate persistence using newly created administrator accounts.
Fortinet urges all affected users to upgrade to the available patches in 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12. Restrict management interface exposure and immediately audit existing admin accounts for unauthorized additions as additional mitigation.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The Cl0p ransomware group has claimed responsibility for infiltrating Broadcom's internal systems as part of…
Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers…
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers…
Microsoft has introduced a practical new feature in Windows 11 designed specifically for public-facing monitors…
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That…
OpenAI has launched GPT-5.1-Codex-Max, a specialized coding model designed to handle complex development tasks autonomously. The…