- Fortinet fixes FortiWeb flaw CVE-2025-58034, which allows OS command injection attacks
- Vulnerable versions span 7.0.0–7.0.11, 7.2.0–7.2.11, 7.4.0–7.4.10, 7.6.0–7.6.5, 8.0.0–8.0.1
- Actively exploited in the wild, with ~2,000 attack attempts already detected
Fortinet has issued an emergency patch for a serious vulnerability in FortiWeb that is apparently being exploited in the wild.
FortiWeb is the company’s dedicated web application firewall (WAF), usually installed in front of a website or API and designed to filter out malicious traffic.
In a security advisory, Fortinet said that Jason McFadyen of Trend Micro’s Trend Research found and disclosed an improper neutralization of special elements used in an OS command flaw, also known as ‘OS Command Injection’. This flaw, now tracked as CVE-2025-58034, allows unauthorized threat actors to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. It received a severity score of 7.2/10 (high), and Fortinet said it does not require user interaction to be exploited.
Thousands of attacks
Essentially, an attacker already authenticated to a vulnerable FortiWeb could exploit CVE-2025-58034 to run arbitrary operating system commands on the device via crafted HTTP or CLI input, potentially gaining full control, installing backdoors, or moving laterally in the network.
Vulnerable versions include 7.0.0 to 7.0.11, 7.2.0 to 7.2.11, 7.4.0 to 7.4.10, 7.6.0 to 7.6.5, and 8.0.0 to 8.0.1. Fortinet encouraged its users to apply the fixes and bring their FortiWeb to versions not affected by the flaw, especially since it is being actively exploited in the wild.
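For administrators triaging a fleet, the affected ranges above can be checked mechanically. The following is an added example, not code from Fortinet or from the article; it only encodes the ranges the article lists (inclusive on both ends) and assumes FortiWeb versions are reported as `x.y.z` somewhere in the string, so confirm any verdict against Fortinet's own PSIRT advisory before acting on it.

```python
import re
from typing import Dict, Optional, Tuple

# Affected FortiWeb ranges for CVE-2025-58034 as listed in the article.
# Both ends are inclusive; anything outside these ranges is reported as
# "not listed", not as "safe", since the article names no fixed versions.
AFFECTED_RANGES = [
    ("7.0.0", "7.0.11"),
    ("7.2.0", "7.2.11"),
    ("7.4.0", "7.4.10"),
    ("7.6.0", "7.6.5"),
    ("8.0.0", "8.0.1"),
]

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Extract the first x.y.z triple from strings like 'v7.4.3' or
    'FortiWeb 7.4.3 build0123' and return it as comparable ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def affected_range(version_text: str) -> Optional[Tuple[str, str]]:
    """Return the (low, high) range containing the version, or None."""
    v = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v <= parse_version(hi):
            return (lo, hi)
    return None


def is_affected(version_text: str) -> bool:
    """True when the version lies inside any affected range."""
    return affected_range(version_text) is not None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {hostname: version string} inventory to a verdict."""
    verdicts = {}
    for host, version in inventory.items():
        rng = affected_range(version)
        verdicts[host] = f"AFFECTED ({rng[0]}-{rng[1]})" if rng else "not listed"
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"waf-edge-1": "FortiWeb 7.4.10 build0123", "waf-edge-2": "v8.0.2"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```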
Although the company did not reveal more details about the attacks in the announcement, it told Bleeping Computer it has so far detected about 2,000 attack attempts.
Fortinet vulnerabilities are often exploited, even as zero-days, in cyberespionage and ransomware attacks, as seen in February 2025 when Chinese state-sponsored actor Volt Typhoon used two such flaws against a Dutch Ministry of Defense military network.
Via Bleeping Computer