Overview
- Fortinet released fixes for CVE-2025-58034, an authenticated OS command-injection bug in FortiWeb, and acknowledged in-the-wild exploitation.
- CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog, triggering a short federal remediation timeline and elevating urgency.
- Affected FortiWeb branches require upgrades to 8.0.2, 7.6.6, 7.4.11, 7.2.12, or 7.0.12 (or later) to block ongoing attacks, with no published workaround for this flaw.
- Days earlier, Fortinet confirmed CVE-2025-64446, a high-severity path traversal enabling unauthenticated administrative commands, which was quietly fixed on October 28 and is also on CISA’s KEV list.
- Researchers reported widespread exploitation since early October, with attackers creating new administrator accounts on internet-exposed devices; agencies advised disabling HTTP/HTTPS on external interfaces as a temporary risk-reduction step, which applies to CVE-2025-64446 only.
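An added triage helper, not part of the original write-up or of any Fortinet tooling: it maps a FortiWeb build string to the first fixed release for CVE-2025-58034 listed above (8.0.2, 7.6.6, 7.4.11, 7.2.12, 7.0.12) and labels unlisted branches as unknown rather than guessing. The hostnames and the assumption that version strings may carry a leading "v" or a trailing ",build…" suffix are constructed for the example.

```python
"""Triage: is a FortiWeb build patched for CVE-2025-58034?

Fixed builds per branch come from the advisory summary above; any branch
not listed there is reported as "unknown" instead of being guessed.
"""
from __future__ import annotations
import re

# (major, minor) -> first fixed (major, minor, patch) for CVE-2025-58034
FIXED_BUILDS: dict[tuple[int, int], tuple[int, int, int]] = {
    (8, 0): (8, 0, 2),
    (7, 6): (7, 6, 6),
    (7, 4): (7, 4, 11),
    (7, 2): (7, 2, 12),
    (7, 0): (7, 0, 12),
}

# Assumed input shapes: "7.4.10", "v7.4.10", "7.4.10,build1234"
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> tuple[int, int, int]:
    """Extract the numeric major.minor.patch triple from a version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)

def assess(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one FortiWeb build."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "unknown"  # branch not covered by the advisory summary
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"

def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by status so the vulnerable set can be actioned first."""
    out: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, ver in inventory.items():
        out[assess(ver)].append(host)
    return out

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"fw-dmz-1": "7.4.10", "fw-dmz-2": "7.4.11",
              "fw-lab": "v8.0.1,build0123", "fw-old": "6.4.3"}
    for status, hosts in triage(sample).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```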