Overview
- CVE-2025-58034, the newly added entry, is an OS command injection flaw in Fortinet FortiWeb that lets authenticated attackers execute unauthorized code via crafted HTTP requests or CLI commands.
- CISA placed CVE-2025-58034 on its Known Exploited Vulnerabilities list and gave federal civilian agencies until November 25 to patch, citing ongoing attacks and a reduced remediation window.
- An earlier FortiWeb issue, CVE-2025-64446, enables unauthenticated administrative command execution; CISA set a November 21 patch deadline after Fortinet initially shipped a silent fix on October 28.
- Fortinet released updates for affected FortiWeb branches and advises disabling internet-facing management access and reviewing logs for unauthorized administrator accounts such as “Testpoint” or “trader.”
- Trend Micro credited researcher Jason McFadyen with reporting CVE-2025-58034, and the company says it has observed around 2,000 detections tied to exploitation attempts.