Overview
- Newly listed CVE-2025-58034 is an OS command injection in FortiWeb that enables authenticated code execution, with Trend Micro’s Jason McFadyen credited for the report.
- CISA’s KEV inclusion mandates Federal Civilian Executive Branch agencies remediate CVE-2025-58034 by November 25 after ordering fixes for CVE-2025-64446 by November 21.
- Fortinet has issued patches for both flaws, with CVE-2025-64446 quietly fixed in FortiWeb 8.0.2 on October 28 before public advisories highlighted active exploitation.
- Upgrade guidance includes moving 8.0.0–8.0.1 to 8.0.2 or later and updating 7.6.0–7.6.5 to 7.6.6, with similar point releases available for the 7.4, 7.2, and 7.0 branches.
- Defenders are urged to disable internet-facing HTTP/HTTPS management temporarily and review logs for unauthorized admin accounts, as attackers have been creating persistent users.
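The log review step above, as an added example that is not from the original advisory or from Fortinet: it scans admin-event log lines for accounts that are not in the defender's inventory of expected administrators and for admin actions arriving from outside the management networks. The sample lines are constructed in a generic key=value syslog style; the field names (subtype, action, new_user, srcip) are an assumption for illustration, not FortiWeb's documented schema.

```python
import ipaddress
import re

# Constructed sample lines (assumed key=value style; field names are illustrative).
SAMPLE_LOG = """\
date=2025-11-18 time=09:13:02 type=event subtype=admin action=add_user user=admin new_user=svc_backup profile=prof_admin srcip=10.0.0.5
date=2025-11-18 time=23:47:19 type=event subtype=admin action=add_user user=admin new_user=support_tmp profile=prof_admin srcip=198.51.100.23
date=2025-11-19 time=00:01:03 type=event subtype=admin action=login user=support_tmp status=success srcip=198.51.100.23
date=2025-11-19 time=08:30:00 type=event subtype=admin action=login user=admin status=success srcip=10.0.0.5
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Split a key=value log line into a dict; quoted values are unquoted."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def review_admin_activity(log_text, known_admins, mgmt_networks):
    """Return one finding per admin-event line that either involves an account
    absent from the known-admin inventory or originates outside the management
    networks. Each finding carries the account, source IP and the reasons."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = []
    for line in log_text.splitlines():
        rec = parse_kv(line)
        if rec.get("subtype") != "admin":
            continue
        src = rec.get("srcip")
        reasons = []
        if rec.get("action") == "add_user" and rec.get("new_user") not in known_admins:
            reasons.append("created admin account not in inventory")
        if rec.get("action") == "login" and rec.get("user") not in known_admins:
            reasons.append("login by admin account not in inventory")
        if src and not any(ipaddress.ip_address(src) in n for n in nets):
            reasons.append("admin action from outside management networks")
        if reasons:
            account = rec.get("new_user") or rec.get("user")
            findings.append({"user": account, "srcip": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_admin_activity(SAMPLE_LOG, {"admin", "svc_backup"}, ["10.0.0.0/8"]):
        print(f)
```

Feed the function the exported admin-event log and the admin list from the device configuration; any account created or logging in that is not on that list is what the advisory's "unauthorized admin accounts" warning is about.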