Fortinet has issued security updates to fix a zero-day vulnerability in FortiWeb (CVE-2025-58034) that hackers are actively exploiting. This flaw allows authenticated attackers to execute unauthorized code through crafted HTTP requests, emphasizing the need for immediate patching. #FortiWeb #CVE-2025-58034
Keypoints
- Fortinet released security updates for a zero-day vulnerability in FortiWeb.
- Threat actors are exploiting CVE-2025-58034 in active attacks in the wild.
- The vulnerability allows code execution via OS command injection with low complexity attacks.
- Admins are advised to upgrade affected FortiWeb versions to latest releases to prevent exploitation.
- Previously, Fortinet patched other significant zero-days, including CVE-2025-64446 and CVE-2025-25256.