- Fortinet patched FortiWeb flaw CVE-2025-58034, enabling OS command injection attacks
- Vulnerable versions span 7.0.0–7.0.11, 7.2.0–7.2.11, 7.4.0–7.4.10, 7.6.0–7.6.5, 8.0.0–8.0.1
- Actively exploited in the wild, with ~2,000 attack attempts already detected
Fortinet has issued an urgent patch for a high-severity vulnerability in FortiWeb which is apparently being abused in the wild.
FortiWeb is the company’s dedicated web application firewall (WAF), usually installed in front of a website or API and designed to filter out malicious traffic.
In a security advisory, Fortinet said Jason McFadyen of Trend Micro’s Trend Research found, and disclosed, an improper neutralization of special elements used in an OS command flaw, also known as ‘OS Command Injection’. This bug, now tracked as CVE-2025-58034, allows unauthenticated threat actors to execute unauthorized code on the underlying system, via crafted HTTP requests, or CLI commands. It was given a severity score of 7.2/10 (high) and said that to be exploited, it does not require user interaction.
Thousands of attacks
Basically, an attacker who’s already authenticated to a vulnerable FortiWeb could exploit CVE-2025-58034 to run arbitrary operating-system commands on the device via crafted HTTP or CLI input, potentially gaining full control, installing backdoors, or moving laterally in the network.
Vulnerable versions include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.10, 7.6.0 through 7.6.5, and 8.0.0 through 8.0.1. Fortinet urged its users to apply the fixes and bring their FortiWeb to versions unaffected by the bug, especially since it is being actively exploited in the wild.
While the company did not disclose more details about the attacks in the advisory, it did tell BleepingComputer it has so far detected around 2,000 attack attempts.
Fortinet vulnerabilities are often exploited, even as zero-days, in cyber-espionage and ransomware attacks, as seen in February 2025 when the Chinese state-sponsored actor Volt Typhoon used two such flaws against a Dutch Ministry of Defence military network.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
