The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting in active attacks.
The agency added CVE-2025-58034 to its Known Exploited Vulnerabilities (KEV) catalog on November 18, 2025, signaling immediate risk to organizations using the affected product.
The vulnerability identified as CVE-2025-58034 is an OS command injection weakness categorized under CWE-78.
This security flaw allows authenticated attackers to execute unauthorized code on the underlying operating system of FortiWeb devices.
Exploitation occurs through specially crafted HTTP requests or command-line interface (CLI) commands that bypass security controls and grant attackers direct access to system-level functions.
Despite requiring authentication, this vulnerability poses a significant threat because attackers who gain initial access can leverage it to escalate privileges and execute malicious code.
This can lead to complete system compromise, data theft, and potential deployment of ransomware or other malware.
| CVE ID | Vulnerability | Affected Product | Impact | Exploit Prerequisites | Related CWE |
|---|---|---|---|---|---|
| CVE-2025-58034 | OS Command Injection | Fortinet FortiWeb | Unauthorized code execution | Authentication required | CWE-78 |
CISA has mandated that federal agencies must apply security patches and mitigations by November 25, 2025, giving organizations just seven days to remediate the vulnerability.
The directive follows Binding Operational Directive (BOD) 22-01, which requires agencies to address known exploited vulnerabilities within strict timeframes.
Organizations using Fortinet FortiWeb are strongly urged to follow vendor instructions immediately. Fortinet has released security updates and mitigation guidance that administrators should implement without delay.
CISA recommends following applicable cloud service guidance or discontinuing use of vulnerable products until proper security measures can be implemented.
The active exploitation of this vulnerability underscores the importance of keeping security patches up to date and monitoring vendor advisories for enterprise security infrastructure.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That…
OpenAI has launched GPT-5.1-Codex-Max, a specialized coding model designed to handle complex development tasks autonomously. The…
The U.S. Department of the Treasury, Australia, and the United Kingdom have announced coordinated sanctions…
Salesforce has issued a critical security alert identifying "unusual activity" involving Gainsight-published applications connected to…
The notorious Clop ransomware gang has listed Oracle on its dark web leak site, alleging…
A critical remote code execution flaw in Microsoft's Windows Graphics Component allows attackers to seize…