Fortinet has disclosed a new security vulnerability (CVE-2025-58034) in FortiWeb that is actively exploited in the wild, requiring authentication for an attacker to execute system commands. The company has issued patches for various versions but has not released an advisory, raising concerns about delayed communication and defensive preparedness. #FortiWeb #CVE-2025-58034
Keypoints
- Fortinet identified and patched a medium-severity vulnerability in FortiWeb called CVE-2025-58034.
- The flaw allows authenticated attackers to execute arbitrary OS commands through crafted requests.
- Versions affected include FortiWeb 8.0.0 to 8.0.1 and other earlier versions, with updates available.
- Fortinet did not initially publish an advisory about the vulnerability, raising concerns among cybersecurity experts.
- The company credited Trend Micro researcher Jason McFadyen for reporting the flaw and continues active remediation efforts.
Read More: https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.html