Oh no, not this again: CISA and FortiGuard Labs alert about another exploited vulnerability in FortiWeb


CISA and FortiGuard Labs Issue Warning on Exploited FortiWeb Vulnerabilities

In a disconcerting update, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside FortiGuard Labs, has alerted the public to a newly exploited vulnerability in Fortinet’s FortiWeb firewall product.

The vulnerability, tracked as CVE-2025-58034, is a command injection zero-day affecting multiple versions of Fortinet’s FortiWeb products. It has been actively exploited, drawing further attention to an already beleaguered line of firewall products.

Disclosed on November 18, the command injection flaw allows an authenticated attacker to execute malicious code via crafted CLI commands or HTTP requests; valid credentials on the appliance are a prerequisite.

With a Common Vulnerability Scoring System (CVSS) score of 6.7, it is rated medium severity, a rating that understates the urgency given that attackers have already begun exploiting it.

Fortinet confirmed active exploitation in the wild and noted that CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.

In a recent advisory dated November 18, CISA remarked, “This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.”

The vulnerability affects the following versions of FortiWeb:

  • 7.6.0 through 7.6.4
  • 7.4.0 through 7.4.8
  • 7.2.0 through 7.2.11
  • 7.0.2 through 7.0.11
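The version ranges above are the only actionable detail in the advisory text, so here is an added triage helper (not code from Fortinet, CISA or the article) that flags which appliances in an inventory fall inside the listed affected ranges. Hostnames and version strings in the sample inventory are constructed; because the article does not state which releases carry the fix, a version outside the ranges is reported only as "not listed", not as patched.

```python
from typing import NamedTuple


class VersionRange(NamedTuple):
    lo: tuple[int, int, int]
    hi: tuple[int, int, int]


# Affected FortiWeb versions for CVE-2025-58034, exactly as listed in the advisory text.
AFFECTED_RANGES = [
    VersionRange((7, 6, 0), (7, 6, 4)),
    VersionRange((7, 4, 0), (7, 4, 8)),
    VersionRange((7, 2, 0), (7, 2, 11)),
    VersionRange((7, 0, 2), (7, 0, 11)),
]


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse a 'major.minor.patch' string; raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected FortiWeb version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version sits inside one of the published affected ranges (inclusive)."""
    v = parse_version(version)
    return any(r.lo <= v <= r.hi for r in AFFECTED_RANGES)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split {hostname: version} into affected / not_listed / unparseable buckets."""
    result: dict[str, list[str]] = {"affected": [], "not_listed": [], "unparseable": []}
    for host, version in inventory.items():
        try:
            bucket = "affected" if is_affected(version) else "not_listed"
        except ValueError:
            bucket = "unparseable"  # malformed inventory data needs a human look
        result[bucket].append(host)
    return result


# Constructed sample inventory: hypothetical hostnames and versions, not real assets.
SAMPLE_INVENTORY = {
    "fwb-dmz-01": "7.6.4",      # upper bound of the 7.6 range, affected
    "fwb-dmz-02": "7.6.5",      # above the listed range, not listed
    "fwb-branch-01": "7.0.1",   # below 7.0.2, not listed
    "fwb-branch-02": "7.2.11",  # upper bound of the 7.2 range, affected
    "fwb-lab-01": "7.4.x",      # malformed, unparseable
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```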

Fortinet credited Jason McFadyen of Trend Micro’s Trend Research with responsibly disclosing the vulnerability.

This incident follows an earlier revelation this week, when both Fortinet and CISA reported active exploitation of CVE-2025-64446, an authentication bypass vulnerability that also affects FortiWeb products. Security analysts had raised alarms about its exploitation the week before.

On November 14, Benjamin Harris, CEO of watchTowr, remarked, “Oh, look at that, it’s a Thursday! And in continuing with Thursdays, the watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product.”

Source link: Cybersecurityconnect.com.au.

